From 0a1e9c27836e6e8ec554af2055a66d3db7a212f7 Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Thu, 9 May 2024 13:27:46 -0400 Subject: [PATCH] Fixes for 6.6 
Signed-off-by: Sasha Levin --- ...9p-explicitly-deny-setlease-attempts.patch | 42 +++ ...ine6-zero-initialize-message-buffers.patch | 57 ++++ ...all-devices-to-wait-all-processes-be.patch | 79 ++++++ ...da-dsp-skip-imr-boot-on-ace-platform.patch | 68 +++++ ...-sata_gemini-check-clk_enable-result.patch | 38 +++ ...blk-iocost-avoid-out-of-bounds-shift.patch | 74 +++++ ...ot-warn-if-iocg-was-already-offlined.patch | 62 +++++ ...ck-fix-overflow-in-blk_ioctl_discard.patch | 49 ++++ ...pf-check-bloom-filter-map-value-size.patch | 85 ++++++ ...lear-pertrans-metadata-during-commit.patch | 44 +++ ..._clear_delalloc_extent-free-delalloc.patch | 41 +++ ...urate-error-code-on-open-failure-in-.patch | 74 +++++ ...d-prepare_lock-when-calling-kref_put.patch | 71 +++++ ...-don-t-free-ring-buffers-that-couldn.patch | 50 ++++ ...-leak-pages-if-set_memory_encrypted-.patch | 83 ++++++ ...-track-decrypted-status-in-vmbus_gpa.patch | 102 +++++++ ...skip-on-writeback-when-it-s-not-appl.patch | 66 +++++ ...-fix-vcn-allocation-in-cpx-partition.patch | 67 +++++ ...ment-irq_state_enable-for-sdma-v4.4..patch | 51 ++++ ...gpu-refine-ib-schedule-error-logging.patch | 49 ++++ ...ck-cgroup-when-returning-dmabuf-info.patch | 46 ++++ ...-check-cp-bad-op-exception-interrupt.patch | 104 +++++++ ...p-don-t-probe-edp-ports-twice-harder.patch | 57 ++++ .../drm-radeon-silence-ubsan-warning-v3.patch | 78 ++++++ ...sk-bus-reset-interrupts-between-isr-.patch | 87 ++++++ ...rop-inodes-immediately-on-non-.l-too.patch | 31 +++ ...che-always-being-enabled-on-files-wi.patch | 45 ++++ ...late-rwx-permissions-for-plain-9p200.patch | 37 +++ .../fs-9p-translate-o_trunc-into-otrunc.patch | 36 +++ ...nvalid-metadata-access-in-punch_hole.patch | 47 ++++ ...rystalcove-use-enotsupp-consistently.patch | 35 +++ .../gpio-lpc32xx-fix-module-autoloading.patch | 34 +++ ...gpio-wcove-use-enotsupp-consistently.patch | 36 +++ ...do-not-setup-dma-for-virtual-devices.patch | 61 +++++ ...v_netvsc-don-t-free-decrypted-memory.patch | 
53 ++++ .../iommu-mtk-fix-module-autoloading.patch | 48 ++++ ...csan-for-autogenerated-.mod.c-interm.patch | 100 +++++++ ...tests-fix-undefined-reference-to-bit.patch | 41 +++ ...ix-undefined-reference-to-early_pfn_.patch | 43 +++ ...sts-fix-undefined-reference-to-panic.patch | 67 +++++ ...thread_info.syscall-unconditionally-.patch | 255 ++++++++++++++++++ ...et-bcmgenet-reset-rbuf-on-first-open.patch | 83 ++++++ ...net-mark-racy-access-on-sk-sk_rcvbuf.patch | 48 ++++ ...usb-qmi_wwan-support-rolling-modules.patch | 70 +++++ ...t-add-granite-rapids-d-to-hpm-cpu-li.patch | 38 +++ ...hacha-p10-fix-failure-on-non-power10.patch | 90 +++++++ ...egulator-tps65132-add-of_match-table.patch | 49 ++++ ...ve-spin_lock_bh-while-releasing-reso.patch | 86 ++++++ ...ndle-the-ncq-error-returned-by-d2h-f.patch | 49 ++++ ...n-smp-request-allocation-to-arch_dma.patch | 46 ++++ ...piv-s-transport-unregistration-to-af.patch | 60 +++++ ...e-hbalock-before-calling-lpfc_worker.patch | 129 +++++++++ ...-irqf_oneshot-flag-from-threaded-irq.patch | 43 +++ ...e-hbalock-with-ndlp-lock-in-lpfc_nvm.patch | 40 +++ ...e-lpfc_ramp_down_queue_handler-logic.patch | 92 +++++++ ...a-dedicated-lock-for-ras_fwlog-state.patch | 237 ++++++++++++++++ ...d-memcpy-field-spanning-write-warnin.patch | 62 +++++ ...selinux-error-when-systemd-modules-l.patch | 68 +++++ ...i-ufs-core-fix-mcq-mac-configuration.patch | 39 +++ ...ore-fix-mcq-mode-dev-command-timeout.patch | 43 +++ ...un-suspend-dev-link-state-error-reco.patch | 45 ++++ ...-fix-event-filter-target_func-select.patch | 93 +++++++ ...-fix-valid-adjtimex-signed-left-shif.patch | 139 ++++++++++ queue-6.6/series | 78 ++++++ ...reconnect-when-password-changing-on-.patch | 212 +++++++++++++++ ...c-add-a-missing-rpc_stat-for-tcp-tls.patch | 99 +++++++ ...r-turbostat-fix-added-raw-msr-output.patch | 87 ++++++ ...ostat-fix-bzy_mhz-documentation-typo.patch | 35 +++ ...ostat-fix-uncore-frequency-file-stri.patch | 53 ++++ ...ostat-fix-warning-upon-failed-dev-cp.patch 
| 42 +++ ...ostat-increase-the-limit-for-fd-open.patch | 86 ++++++ ...ostat-print-ucode-revision-only-if-v.patch | 59 ++++ ..._generic-don-t-free-decrypted-memory.patch | 76 ++++++ ...sf-explicitly-deny-setlease-attempts.patch | 37 +++ ...11-fix-rdev_dump_mpp-arguments-order.patch | 38 +++ ...-guard-against-invalid-sta-id-on-rem.patch | 46 ++++ ...iwlwifi-read-txq-read_ptr-under-lock.patch | 42 +++ ...fix-ieee80211_bss_-_flags-kernel-doc.patch | 49 ++++ ...80211-fix-prep_connection-error-path.patch | 51 ++++ 79 files changed, 5332 insertions(+) create mode 100644 queue-6.6/9p-explicitly-deny-setlease-attempts.patch create mode 100644 queue-6.6/alsa-line6-zero-initialize-message-buffers.patch create mode 100644 queue-6.6/amd-amdkfd-sync-all-devices-to-wait-all-processes-be.patch create mode 100644 queue-6.6/asoc-sof-intel-hda-dsp-skip-imr-boot-on-ace-platform.patch create mode 100644 queue-6.6/ata-sata_gemini-check-clk_enable-result.patch create mode 100644 queue-6.6/blk-iocost-avoid-out-of-bounds-shift.patch create mode 100644 queue-6.6/blk-iocost-do-not-warn-if-iocg-was-already-offlined.patch create mode 100644 queue-6.6/block-fix-overflow-in-blk_ioctl_discard.patch create mode 100644 queue-6.6/bpf-check-bloom-filter-map-value-size.patch create mode 100644 queue-6.6/btrfs-always-clear-pertrans-metadata-during-commit.patch create mode 100644 queue-6.6/btrfs-make-btrfs_clear_delalloc_extent-free-delalloc.patch create mode 100644 queue-6.6/btrfs-return-accurate-error-code-on-open-failure-in-.patch create mode 100644 queue-6.6/clk-don-t-hold-prepare_lock-when-calling-kref_put.patch create mode 100644 queue-6.6/drivers-hv-vmbus-don-t-free-ring-buffers-that-couldn.patch create mode 100644 queue-6.6/drivers-hv-vmbus-leak-pages-if-set_memory_encrypted-.patch create mode 100644 queue-6.6/drivers-hv-vmbus-track-decrypted-status-in-vmbus_gpa.patch create mode 100644 queue-6.6/drm-amd-display-skip-on-writeback-when-it-s-not-appl.patch create mode 100644 
queue-6.6/drm-amdgpu-fix-vcn-allocation-in-cpx-partition.patch create mode 100644 queue-6.6/drm-amdgpu-implement-irq_state_enable-for-sdma-v4.4..patch create mode 100644 queue-6.6/drm-amdgpu-refine-ib-schedule-error-logging.patch create mode 100644 queue-6.6/drm-amdkfd-check-cgroup-when-returning-dmabuf-info.patch create mode 100644 queue-6.6/drm-amdkfd-range-check-cp-bad-op-exception-interrupt.patch create mode 100644 queue-6.6/drm-nouveau-dp-don-t-probe-edp-ports-twice-harder.patch create mode 100644 queue-6.6/drm-radeon-silence-ubsan-warning-v3.patch create mode 100644 queue-6.6/firewire-ohci-mask-bus-reset-interrupts-between-isr-.patch create mode 100644 queue-6.6/fs-9p-drop-inodes-immediately-on-non-.l-too.patch create mode 100644 queue-6.6/fs-9p-fix-the-cache-always-being-enabled-on-files-wi.patch create mode 100644 queue-6.6/fs-9p-only-translate-rwx-permissions-for-plain-9p200.patch create mode 100644 queue-6.6/fs-9p-translate-o_trunc-into-otrunc.patch create mode 100644 queue-6.6/gfs2-fix-invalid-metadata-access-in-punch_hole.patch create mode 100644 queue-6.6/gpio-crystalcove-use-enotsupp-consistently.patch create mode 100644 queue-6.6/gpio-lpc32xx-fix-module-autoloading.patch create mode 100644 queue-6.6/gpio-wcove-use-enotsupp-consistently.patch create mode 100644 queue-6.6/gpu-host1x-do-not-setup-dma-for-virtual-devices.patch create mode 100644 queue-6.6/hv_netvsc-don-t-free-decrypted-memory.patch create mode 100644 queue-6.6/iommu-mtk-fix-module-autoloading.patch create mode 100644 queue-6.6/kbuild-disable-kcsan-for-autogenerated-.mod.c-interm.patch create mode 100644 queue-6.6/memblock-tests-fix-undefined-reference-to-bit.patch create mode 100644 queue-6.6/memblock-tests-fix-undefined-reference-to-early_pfn_.patch create mode 100644 queue-6.6/memblock-tests-fix-undefined-reference-to-panic.patch create mode 100644 queue-6.6/mips-scall-save-thread_info.syscall-unconditionally-.patch create mode 100644 
queue-6.6/net-bcmgenet-reset-rbuf-on-first-open.patch create mode 100644 queue-6.6/net-mark-racy-access-on-sk-sk_rcvbuf.patch create mode 100644 queue-6.6/net-usb-qmi_wwan-support-rolling-modules.patch create mode 100644 queue-6.6/platform-x86-isst-add-granite-rapids-d-to-hpm-cpu-li.patch create mode 100644 queue-6.6/powerpc-crypto-chacha-p10-fix-failure-on-non-power10.patch create mode 100644 queue-6.6/regulator-tps65132-add-of_match-table.patch create mode 100644 queue-6.6/scsi-bnx2fc-remove-spin_lock_bh-while-releasing-reso.patch create mode 100644 queue-6.6/scsi-hisi_sas-handle-the-ncq-error-returned-by-d2h-f.patch create mode 100644 queue-6.6/scsi-libsas-align-smp-request-allocation-to-arch_dma.patch create mode 100644 queue-6.6/scsi-lpfc-move-npiv-s-transport-unregistration-to-af.patch create mode 100644 queue-6.6/scsi-lpfc-release-hbalock-before-calling-lpfc_worker.patch create mode 100644 queue-6.6/scsi-lpfc-remove-irqf_oneshot-flag-from-threaded-irq.patch create mode 100644 queue-6.6/scsi-lpfc-replace-hbalock-with-ndlp-lock-in-lpfc_nvm.patch create mode 100644 queue-6.6/scsi-lpfc-update-lpfc_ramp_down_queue_handler-logic.patch create mode 100644 queue-6.6/scsi-lpfc-use-a-dedicated-lock-for-ras_fwlog-state.patch create mode 100644 queue-6.6/scsi-mpi3mr-avoid-memcpy-field-spanning-write-warnin.patch create mode 100644 queue-6.6/scsi-target-fix-selinux-error-when-systemd-modules-l.patch create mode 100644 queue-6.6/scsi-ufs-core-fix-mcq-mac-configuration.patch create mode 100644 queue-6.6/scsi-ufs-core-fix-mcq-mode-dev-command-timeout.patch create mode 100644 queue-6.6/scsi-ufs-core-wlun-suspend-dev-link-state-error-reco.patch create mode 100644 queue-6.6/selftests-ftrace-fix-event-filter-target_func-select.patch create mode 100644 queue-6.6/selftests-timers-fix-valid-adjtimex-signed-left-shif.patch create mode 100644 queue-6.6/smb3-fix-broken-reconnect-when-password-changing-on-.patch create mode 100644 
queue-6.6/sunrpc-add-a-missing-rpc_stat-for-tcp-tls.patch create mode 100644 queue-6.6/tools-power-turbostat-fix-added-raw-msr-output.patch create mode 100644 queue-6.6/tools-power-turbostat-fix-bzy_mhz-documentation-typo.patch create mode 100644 queue-6.6/tools-power-turbostat-fix-uncore-frequency-file-stri.patch create mode 100644 queue-6.6/tools-power-turbostat-fix-warning-upon-failed-dev-cp.patch create mode 100644 queue-6.6/tools-power-turbostat-increase-the-limit-for-fd-open.patch create mode 100644 queue-6.6/tools-power-turbostat-print-ucode-revision-only-if-v.patch create mode 100644 queue-6.6/uio_hv_generic-don-t-free-decrypted-memory.patch create mode 100644 queue-6.6/vboxsf-explicitly-deny-setlease-attempts.patch create mode 100644 queue-6.6/wifi-cfg80211-fix-rdev_dump_mpp-arguments-order.patch create mode 100644 queue-6.6/wifi-iwlwifi-mvm-guard-against-invalid-sta-id-on-rem.patch create mode 100644 queue-6.6/wifi-iwlwifi-read-txq-read_ptr-under-lock.patch create mode 100644 queue-6.6/wifi-mac80211-fix-ieee80211_bss_-_flags-kernel-doc.patch create mode 100644 queue-6.6/wifi-mac80211-fix-prep_connection-error-path.patch diff --git a/queue-6.6/9p-explicitly-deny-setlease-attempts.patch b/queue-6.6/9p-explicitly-deny-setlease-attempts.patch new file mode 100644 index 00000000000..05c00ff837e --- /dev/null +++ b/queue-6.6/9p-explicitly-deny-setlease-attempts.patch 
@@ -0,0 +1,42 @@ +From 1baa55dc10471d4cfc30f1b09ccb98e26e5593c6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 19 Mar 2024 12:34:45 -0400 +Subject: 9p: explicitly deny setlease attempts + +From: Jeff Layton + +[ Upstream commit 7a84602297d36617dbdadeba55a2567031e5165b ] + +9p is a remote network protocol, and it doesn't support asynchronous +notifications from the server. Ensure that we don't hand out any leases +since we can't guarantee they'll be broken when a file's contents +change. + +Signed-off-by: Jeff Layton +Signed-off-by: Eric Van Hensbergen +Signed-off-by: Sasha Levin +--- + fs/9p/vfs_file.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/fs/9p/vfs_file.c b/fs/9p/vfs_file.c +index 11cd8d23f6f23..8566ddad49ad5 100644 +--- a/fs/9p/vfs_file.c ++++ b/fs/9p/vfs_file.c +@@ -591,6 +591,7 @@ const struct file_operations v9fs_file_operations = { + .splice_read = v9fs_file_splice_read, + .splice_write = iter_file_splice_write, + .fsync = v9fs_file_fsync, ++ .setlease = simple_nosetlease, + }; + + const struct file_operations v9fs_file_operations_dotl = { +@@ -605,4 +606,5 @@ const struct file_operations v9fs_file_operations_dotl = { + .splice_read = v9fs_file_splice_read, + .splice_write = iter_file_splice_write, + .fsync = v9fs_file_fsync_dotl, ++ .setlease = simple_nosetlease, + }; +-- +2.43.0 + diff --git a/queue-6.6/alsa-line6-zero-initialize-message-buffers.patch b/queue-6.6/alsa-line6-zero-initialize-message-buffers.patch new file mode 100644 index 00000000000..47af0ba2888 --- /dev/null +++ b/queue-6.6/alsa-line6-zero-initialize-message-buffers.patch 
@@ -0,0 +1,57 @@ +From 713117ebec6543f1e19a141997394c13d166378d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 2 Apr 2024 08:36:25 +0200 +Subject: ALSA: line6: Zero-initialize message buffers + +From: Takashi Iwai + +[ Upstream commit c4e51e424e2c772ce1836912a8b0b87cd61bc9d5 ] + +For shutting up spurious KMSAN uninit-value warnings, just replace +kmalloc() calls with kzalloc() for the buffers used for +communications. There should be no real issue with the original code, +but it's still better to cover. + +Reported-by: syzbot+7fb05ccf7b3d2f9617b3@syzkaller.appspotmail.com +Closes: https://lore.kernel.org/r/00000000000084b18706150bcca5@google.com +Message-ID: <20240402063628.26609-1-tiwai@suse.de> +Signed-off-by: Takashi Iwai +Signed-off-by: Sasha Levin +--- + sound/usb/line6/driver.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/sound/usb/line6/driver.c b/sound/usb/line6/driver.c +index b67617b68e509..f4437015d43a7 100644 +--- a/sound/usb/line6/driver.c ++++ b/sound/usb/line6/driver.c +@@ -202,7 +202,7 @@ int line6_send_raw_message_async(struct usb_line6 *line6, const char *buffer, + struct urb *urb; + + /* create message: */ +- msg = kmalloc(sizeof(struct message), GFP_ATOMIC); ++ msg = kzalloc(sizeof(struct message), GFP_ATOMIC); + if (msg == NULL) + return -ENOMEM; + +@@ -688,7 +688,7 @@ static int line6_init_cap_control(struct usb_line6 *line6) + int ret; + + /* initialize USB buffers: */ +- line6->buffer_listen = kmalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL); ++ line6->buffer_listen = kzalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL); + if (!line6->buffer_listen) + return -ENOMEM; + +@@ -697,7 +697,7 @@ static int line6_init_cap_control(struct usb_line6 *line6) + return -ENOMEM; + + if (line6->properties->capabilities & LINE6_CAP_CONTROL_MIDI) { +- line6->buffer_message = kmalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL); ++ line6->buffer_message = kzalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL); + if (!line6->buffer_message) + return 
-ENOMEM; + +-- +2.43.0 + diff --git a/queue-6.6/amd-amdkfd-sync-all-devices-to-wait-all-processes-be.patch b/queue-6.6/amd-amdkfd-sync-all-devices-to-wait-all-processes-be.patch new file mode 100644 index 00000000000..d202444ec13 --- /dev/null +++ b/queue-6.6/amd-amdkfd-sync-all-devices-to-wait-all-processes-be.patch 
@@ -0,0 +1,79 @@ +From 69375c526c12f321851c281ef74d474689c79e2c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 18 Mar 2024 14:13:10 -0400 +Subject: amd/amdkfd: sync all devices to wait all processes being evicted + +From: Zhigang Luo + +[ Upstream commit d06af584be5a769d124b7302b32a033e9559761d ] + +If there are more than one device doing reset in parallel, the first +device will call kfd_suspend_all_processes() to evict all processes +on all devices, this call takes time to finish. other device will +start reset and recover without waiting. if the process has not been +evicted before doing recover, it will be restored, then caused page +fault. + +Signed-off-by: Zhigang Luo +Reviewed-by: Felix Kuehling +Signed-off-by: Alex Deucher +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/amd/amdkfd/kfd_device.c | 17 ++++++----------- + 1 file changed, 6 insertions(+), 11 deletions(-) + +diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_device.c b/drivers/gpu/drm/amd/amdkfd/kfd_device.c +index 93ce181eb3baa..913c70a0ef44f 100644 +--- a/drivers/gpu/drm/amd/amdkfd/kfd_device.c ++++ b/drivers/gpu/drm/amd/amdkfd/kfd_device.c +@@ -935,7 +935,6 @@ void kgd2kfd_suspend(struct kfd_dev *kfd, bool run_pm) + { + struct kfd_node *node; + int i; +- int count; + + if (!kfd->init_complete) + return; +@@ -943,12 +942,10 @@ void kgd2kfd_suspend(struct kfd_dev *kfd, bool run_pm) + /* for runtime suspend, skip locking kfd */ + if (!run_pm) { + mutex_lock(&kfd_processes_mutex); +- count = ++kfd_locked; +- mutex_unlock(&kfd_processes_mutex); +- + /* For first KFD device suspend all the KFD processes */ +- if (count == 1) ++ if (++kfd_locked == 1) + kfd_suspend_all_processes(); ++ mutex_unlock(&kfd_processes_mutex); + } + + for (i = 0; i < kfd->num_nodes; i++) { +@@ -959,7 +956,7 @@ void kgd2kfd_suspend(struct kfd_dev *kfd, bool run_pm) + + int kgd2kfd_resume(struct kfd_dev *kfd, bool run_pm) + { +- int ret, count, i; ++ int ret, i; + + if (!kfd->init_complete) + return 0; +@@ -973,12 
+970,10 @@ int kgd2kfd_resume(struct kfd_dev *kfd, bool run_pm) + /* for runtime resume, skip unlocking kfd */ + if (!run_pm) { + mutex_lock(&kfd_processes_mutex); +- count = --kfd_locked; +- mutex_unlock(&kfd_processes_mutex); +- +- WARN_ONCE(count < 0, "KFD suspend / resume ref. error"); +- if (count == 0) ++ if (--kfd_locked == 0) + ret = kfd_resume_all_processes(); ++ WARN_ONCE(kfd_locked < 0, "KFD suspend / resume ref. error"); ++ mutex_unlock(&kfd_processes_mutex); + } + + return ret; +-- +2.43.0 + diff --git a/queue-6.6/asoc-sof-intel-hda-dsp-skip-imr-boot-on-ace-platform.patch b/queue-6.6/asoc-sof-intel-hda-dsp-skip-imr-boot-on-ace-platform.patch new file mode 100644 index 00000000000..76c1ebc65f2 --- /dev/null +++ b/queue-6.6/asoc-sof-intel-hda-dsp-skip-imr-boot-on-ace-platform.patch 
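Review bot: In kgd2kfd_resume() the underflow case is only reported: `WARN_ONCE(kfd_locked < 0, ...)` leaves kfd_locked negative, so the next kgd2kfd_suspend() finds `++kfd_locked == 1` false and skips kfd_suspend_all_processes(), which is the eviction this change is meant to guarantee. Consider clamping on the warning path, `if (WARN_ONCE(kfd_locked < 0, "KFD suspend / resume ref. error")) kfd_locked = 0;`. kfd_suspend_all_processes() and kfd_resume_all_processes() now run with kfd_processes_mutex held, and their bodies are outside the hunk, so confirm that neither takes that mutex again. A short comment at both call sites, such as `/* held across the call so a parallel reset waits for eviction to finish */`, would record why the lock is kept.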
@@ -0,0 +1,68 @@ +From e32ff43a3c6dfd2f06fb21a1095ff6973d72f5b1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 22 Mar 2024 13:25:04 +0200 +Subject: ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of + S3 suspend + +From: Peter Ujfalusi + +[ Upstream commit c61115b37ff964d63191dbf4a058f481daabdf57 ] + +SoCs with ACE architecture are tailored to use s2idle instead deep (S3) +suspend state and the IMR content is lost when the system is forced to +enter even to S3. +When waking up from S3 state the IMR boot will fail as the content is lost. +Set the skip_imr_boot flag to make sure that we don't try IMR in this case. + +Signed-off-by: Peter Ujfalusi +Reviewed-by: Pierre-Louis Bossart +Reviewed-by: Rander Wang +Reviewed-by: Liam Girdwood +Reviewed-by: Ranjani Sridharan +Link: https://msgid.link/r/20240322112504.4192-1-peter.ujfalusi@linux.intel.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/sof/intel/hda-dsp.c | 20 +++++++++++++++----- + 1 file changed, 15 insertions(+), 5 deletions(-) + +diff --git a/sound/soc/sof/intel/hda-dsp.c b/sound/soc/sof/intel/hda-dsp.c +index 44f39a520bb39..e80a2a5ec56a1 100644 +--- a/sound/soc/sof/intel/hda-dsp.c ++++ b/sound/soc/sof/intel/hda-dsp.c +@@ -681,17 +681,27 @@ static int hda_suspend(struct snd_sof_dev *sdev, bool runtime_suspend) + struct sof_intel_hda_dev *hda = sdev->pdata->hw_pdata; + const struct sof_intel_dsp_desc *chip = hda->desc; + struct hdac_bus *bus = sof_to_bus(sdev); ++ bool imr_lost = false; + int ret, j; + + /* +- * The memory used for IMR boot loses its content in deeper than S3 state +- * We must not try IMR boot on next power up (as it will fail). +- * ++ * The memory used for IMR boot loses its content in deeper than S3 ++ * state on CAVS platforms. ++ * On ACE platforms due to the system architecture the IMR content is ++ * lost at S3 state already, they are tailored for s2idle use. 
++ * We must not try IMR boot on next power up in these cases as it will ++ * fail. ++ */ ++ if (sdev->system_suspend_target > SOF_SUSPEND_S3 || ++ (chip->hw_ip_version >= SOF_INTEL_ACE_1_0 && ++ sdev->system_suspend_target == SOF_SUSPEND_S3)) ++ imr_lost = true; ++ ++ /* + * In case of firmware crash or boot failure set the skip_imr_boot to true + * as well in order to try to re-load the firmware to do a 'cold' boot. + */ +- if (sdev->system_suspend_target > SOF_SUSPEND_S3 || +- sdev->fw_state == SOF_FW_CRASHED || ++ if (imr_lost || sdev->fw_state == SOF_FW_CRASHED || + sdev->fw_state == SOF_FW_BOOT_FAILED) + hda->skip_imr_boot = true; + +-- +2.43.0 + diff --git a/queue-6.6/ata-sata_gemini-check-clk_enable-result.patch b/queue-6.6/ata-sata_gemini-check-clk_enable-result.patch new file mode 100644 index 00000000000..86478bd6d1f --- /dev/null +++ b/queue-6.6/ata-sata_gemini-check-clk_enable-result.patch @@ -0,0 +1,38 @@ +From c404704aaa80097cce23fd0087a3245b16a5408b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 3 Apr 2024 04:33:49 +0000 +Subject: ata: sata_gemini: Check clk_enable() result + +From: Chen Ni + +[ Upstream commit e85006ae7430aef780cc4f0849692e266a102ec0 ] + +The call to clk_enable() in gemini_sata_start_bridge() can fail. +Add a check to detect such failure. + +Signed-off-by: Chen Ni +Signed-off-by: Damien Le Moal +Signed-off-by: Sasha Levin +--- + drivers/ata/sata_gemini.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/drivers/ata/sata_gemini.c b/drivers/ata/sata_gemini.c +index 400b22ee99c33..4c270999ba3cc 100644 +--- a/drivers/ata/sata_gemini.c ++++ b/drivers/ata/sata_gemini.c +@@ -200,7 +200,10 @@ int gemini_sata_start_bridge(struct sata_gemini *sg, unsigned int bridge) + pclk = sg->sata0_pclk; + else + pclk = sg->sata1_pclk; +- clk_enable(pclk); ++ ret = clk_enable(pclk); ++ if (ret) ++ return ret; ++ + msleep(10); + + /* Do not keep clocking a bridge that is not online */ +-- +2.43.0 + 
diff --git a/queue-6.6/blk-iocost-avoid-out-of-bounds-shift.patch b/queue-6.6/blk-iocost-avoid-out-of-bounds-shift.patch new file mode 100644 index 00000000000..b548366eb04 --- /dev/null +++ b/queue-6.6/blk-iocost-avoid-out-of-bounds-shift.patch 
@@ -0,0 +1,74 @@ +From 1e4d5a04eab824387227523c68960cb0c7647840 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 4 Apr 2024 12:32:53 -0400 +Subject: blk-iocost: avoid out of bounds shift + +From: Rik van Riel + +[ Upstream commit beaa51b36012fad5a4d3c18b88a617aea7a9b96d ] + +UBSAN catches undefined behavior in blk-iocost, where sometimes +iocg->delay is shifted right by a number that is too large, +resulting in undefined behavior on some architectures. + +[ 186.556576] ------------[ cut here ]------------ +UBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23 +shift exponent 64 is too large for 64-bit type 'u64' (aka 'unsigned long long') +CPU: 16 PID: 0 Comm: swapper/16 Tainted: G S E N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1 +Hardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020 +Call Trace: + + dump_stack_lvl+0x8f/0xe0 + __ubsan_handle_shift_out_of_bounds+0x22c/0x280 + iocg_kick_delay+0x30b/0x310 + ioc_timer_fn+0x2fb/0x1f80 + __run_timer_base+0x1b6/0x250 +... + +Avoid that undefined behavior by simply taking the +"delay = 0" branch if the shift is too large. + +I am not sure what the symptoms of an undefined value +delay will be, but I suspect it could be more than a +little annoying to debug. 
+ +Signed-off-by: Rik van Riel +Cc: Tejun Heo +Cc: Josef Bacik +Cc: Jens Axboe +Acked-by: Tejun Heo +Link: https://lore.kernel.org/r/20240404123253.0f58010f@imladris.surriel.com +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + block/blk-iocost.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/block/blk-iocost.c b/block/blk-iocost.c +index 7ee8d85c2c68d..a382b3a39820a 100644 +--- a/block/blk-iocost.c ++++ b/block/blk-iocost.c +@@ -1347,7 +1347,7 @@ static bool iocg_kick_delay(struct ioc_gq *iocg, struct ioc_now *now) + { + struct ioc *ioc = iocg->ioc; + struct blkcg_gq *blkg = iocg_to_blkg(iocg); +- u64 tdelta, delay, new_delay; ++ u64 tdelta, delay, new_delay, shift; + s64 vover, vover_pct; + u32 hwa; + +@@ -1362,8 +1362,9 @@ static bool iocg_kick_delay(struct ioc_gq *iocg, struct ioc_now *now) + + /* calculate the current delay in effect - 1/2 every second */ + tdelta = now->now - iocg->delay_at; +- if (iocg->delay) +- delay = iocg->delay >> div64_u64(tdelta, USEC_PER_SEC); ++ shift = div64_u64(tdelta, USEC_PER_SEC); ++ if (iocg->delay && shift < BITS_PER_LONG) ++ delay = iocg->delay >> shift; + else + delay = 0; + +-- +2.43.0 + diff --git a/queue-6.6/blk-iocost-do-not-warn-if-iocg-was-already-offlined.patch b/queue-6.6/blk-iocost-do-not-warn-if-iocg-was-already-offlined.patch new file mode 100644 index 00000000000..038fe0917a8 --- /dev/null +++ b/queue-6.6/blk-iocost-do-not-warn-if-iocg-was-already-offlined.patch 
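Review bot: The new guard in iocg_kick_delay() bounds the shift with `BITS_PER_LONG`, but the shifted operand `iocg->delay` is a u64 (the UBSAN report in the commit message names the type). On a 32-bit build, shift counts of 32 to 63 are therefore valid yet now fall into the `delay = 0` branch. That is safe, but it ties the decay behaviour to the word size; bounding by the operand's own width, `if (iocg->delay && shift < BITS_PER_TYPE(u64))`, states the actual constraint. A one-line comment such as `/* shifting a u64 by 64 or more is undefined; treat the delay as fully decayed */` would record why the bound exists. The function body continues outside the hunk.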
@@ -0,0 +1,62 @@ +From 47da0d9e4880426d951675e75459454030511cb7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 19 Apr 2024 17:32:57 +0800 +Subject: blk-iocost: do not WARN if iocg was already offlined + +From: Li Nan + +[ Upstream commit 01bc4fda9ea0a6b52f12326486f07a4910666cf6 ] + +In iocg_pay_debt(), warn is triggered if 'active_list' is empty, which +is intended to confirm iocg is active when it has debt. However, warn +can be triggered during a blkcg or disk removal, if iocg_waitq_timer_fn() +is run at that time: + + WARNING: CPU: 0 PID: 2344971 at block/blk-iocost.c:1402 iocg_pay_debt+0x14c/0x190 + Call trace: + iocg_pay_debt+0x14c/0x190 + iocg_kick_waitq+0x438/0x4c0 + iocg_waitq_timer_fn+0xd8/0x130 + __run_hrtimer+0x144/0x45c + __hrtimer_run_queues+0x16c/0x244 + hrtimer_interrupt+0x2cc/0x7b0 + +The warn in this situation is meaningless. Since this iocg is being +removed, the state of the 'active_list' is irrelevant, and 'waitq_timer' +is canceled after removing 'active_list' in ioc_pd_free(), which ensures +iocg is freed after iocg_waitq_timer_fn() returns. + +Therefore, add the check if iocg was already offlined to avoid warn +when removing a blkcg or disk. + +Signed-off-by: Li Nan +Reviewed-by: Yu Kuai +Acked-by: Tejun Heo +Link: https://lore.kernel.org/r/20240419093257.3004211-1-linan666@huaweicloud.com +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + block/blk-iocost.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/block/blk-iocost.c b/block/blk-iocost.c +index a382b3a39820a..0dca77591d66c 100644 +--- a/block/blk-iocost.c ++++ b/block/blk-iocost.c +@@ -1439,8 +1439,11 @@ static void iocg_pay_debt(struct ioc_gq *iocg, u64 abs_vpay, + lockdep_assert_held(&iocg->ioc->lock); + lockdep_assert_held(&iocg->waitq.lock); + +- /* make sure that nobody messed with @iocg */ +- WARN_ON_ONCE(list_empty(&iocg->active_list)); ++ /* ++ * make sure that nobody messed with @iocg. 
Check iocg->pd.online ++ * to avoid warn when removing blkcg or disk. ++ */ ++ WARN_ON_ONCE(list_empty(&iocg->active_list) && iocg->pd.online); + WARN_ON_ONCE(iocg->inuse > 1); + + iocg->abs_vdebt -= min(abs_vpay, iocg->abs_vdebt); +-- +2.43.0 + diff --git a/queue-6.6/block-fix-overflow-in-blk_ioctl_discard.patch b/queue-6.6/block-fix-overflow-in-blk_ioctl_discard.patch new file mode 100644 index 00000000000..5278d11cbf7 --- /dev/null +++ b/queue-6.6/block-fix-overflow-in-blk_ioctl_discard.patch @@ -0,0 +1,49 @@ +From f58e1e8d502e926dc06c86d7adb0441fbb522c97 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 29 Mar 2024 09:23:19 +0800 +Subject: block: fix overflow in blk_ioctl_discard() + +From: Li Nan + +[ Upstream commit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 ] + +There is no check for overflow of 'start + len' in blk_ioctl_discard(). +Hung task occurs if submit an discard ioctl with the following param: + start = 0x80000000000ff000, len = 0x8000000000fff000; +Add the overflow validation now. + +Signed-off-by: Li Nan +Reviewed-by: Christoph Hellwig +Link: https://lore.kernel.org/r/20240329012319.2034550-1-linan666@huaweicloud.com +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + block/ioctl.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/block/ioctl.c b/block/ioctl.c +index d1d8e8391279a..68265f914c27b 100644 +--- a/block/ioctl.c ++++ b/block/ioctl.c +@@ -89,7 +89,7 @@ static int blk_ioctl_discard(struct block_device *bdev, blk_mode_t mode, + unsigned long arg) + { + uint64_t range[2]; +- uint64_t start, len; ++ uint64_t start, len, end; + struct inode *inode = bdev->bd_inode; + int err; + +@@ -110,7 +110,8 @@ static int blk_ioctl_discard(struct block_device *bdev, blk_mode_t mode, + if (len & 511) + return -EINVAL; + +- if (start + len > bdev_nr_bytes(bdev)) ++ if (check_add_overflow(start, len, &end) || ++ end > bdev_nr_bytes(bdev)) + return -EINVAL; + + filemap_invalidate_lock(inode->i_mapping); +-- +2.43.0 + 
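Review bot: In blk_ioctl_discard() a zero `len` still passes every check visible in this hunk: `len & 511` is 0, and the `check_add_overflow()` test only rejects a wrapped or oversized end. `start` and `len` come straight from the ioctl argument. If the code after this hunk derives an inclusive end as `start + len - 1` (not visible here, to be confirmed), a zero length with `start == 0` would wrap. An explicit `if (!len) return -EINVAL;` next to the alignment checks would close that. The new `end` local is used only for the bounds comparison here, so later range arithmetic could reuse it rather than recomputing `start + len`.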
diff --git a/queue-6.6/bpf-check-bloom-filter-map-value-size.patch b/queue-6.6/bpf-check-bloom-filter-map-value-size.patch new file mode 100644 index 00000000000..3d2b411104d --- /dev/null +++ b/queue-6.6/bpf-check-bloom-filter-map-value-size.patch 
@@ -0,0 +1,85 @@ +From a9a984b9e4a5bf88040361b668f02a0885390f57 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 26 Mar 2024 22:42:44 -0400 +Subject: bpf: Check bloom filter map value size + +From: Andrei Matei + +[ Upstream commit a8d89feba7e54e691ca7c4efc2a6264fa83f3687 ] + +This patch adds a missing check to bloom filter creating, rejecting +values above KMALLOC_MAX_SIZE. This brings the bloom map in line with +many other map types. + +The lack of this protection can cause kernel crashes for value sizes +that overflow int's. Such a crash was caught by syzkaller. The next +patch adds more guard-rails at a lower level. + +Signed-off-by: Andrei Matei +Acked-by: Andrii Nakryiko +Link: https://lore.kernel.org/r/20240327024245.318299-2-andreimatei1@gmail.com +Signed-off-by: Alexei Starovoitov +Signed-off-by: Sasha Levin +--- + kernel/bpf/bloom_filter.c | 13 +++++++++++++ + .../selftests/bpf/prog_tests/bloom_filter_map.c | 6 ++++++ + 2 files changed, 19 insertions(+) + +diff --git a/kernel/bpf/bloom_filter.c b/kernel/bpf/bloom_filter.c +index addf3dd57b59b..35e1ddca74d21 100644 +--- a/kernel/bpf/bloom_filter.c ++++ b/kernel/bpf/bloom_filter.c +@@ -80,6 +80,18 @@ static int bloom_map_get_next_key(struct bpf_map *map, void *key, void *next_key + return -EOPNOTSUPP; + } + ++/* Called from syscall */ ++static int bloom_map_alloc_check(union bpf_attr *attr) ++{ ++ if (attr->value_size > KMALLOC_MAX_SIZE) ++ /* if value_size is bigger, the user space won't be able to ++ * access the elements. 
++ */ ++ return -E2BIG; ++ ++ return 0; ++} ++ + static struct bpf_map *bloom_map_alloc(union bpf_attr *attr) + { + u32 bitset_bytes, bitset_mask, nr_hash_funcs, nr_bits; +@@ -191,6 +203,7 @@ static u64 bloom_map_mem_usage(const struct bpf_map *map) + BTF_ID_LIST_SINGLE(bpf_bloom_map_btf_ids, struct, bpf_bloom_filter) + const struct bpf_map_ops bloom_filter_map_ops = { + .map_meta_equal = bpf_map_meta_equal, ++ .map_alloc_check = bloom_map_alloc_check, + .map_alloc = bloom_map_alloc, + .map_free = bloom_map_free, + .map_get_next_key = bloom_map_get_next_key, +diff --git a/tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c b/tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c +index d2d9e965eba59..f79815b7e951b 100644 +--- a/tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c ++++ b/tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c +@@ -2,6 +2,7 @@ + /* Copyright (c) 2021 Facebook */ + + #include ++#include + #include + #include "bloom_filter_map.skel.h" + +@@ -21,6 +22,11 @@ static void test_fail_cases(void) + if (!ASSERT_LT(fd, 0, "bpf_map_create bloom filter invalid value size 0")) + close(fd); + ++ /* Invalid value size: too big */ ++ fd = bpf_map_create(BPF_MAP_TYPE_BLOOM_FILTER, NULL, 0, INT32_MAX, 100, NULL); ++ if (!ASSERT_LT(fd, 0, "bpf_map_create bloom filter invalid value too large")) ++ close(fd); ++ + /* Invalid max entries size */ + fd = bpf_map_create(BPF_MAP_TYPE_BLOOM_FILTER, NULL, 0, sizeof(value), 0, NULL); + if (!ASSERT_LT(fd, 0, "bpf_map_create bloom filter invalid max entries size")) +-- +2.43.0 + diff --git a/queue-6.6/btrfs-always-clear-pertrans-metadata-during-commit.patch b/queue-6.6/btrfs-always-clear-pertrans-metadata-during-commit.patch new file mode 100644 index 00000000000..5c0151cc60c --- /dev/null +++ b/queue-6.6/btrfs-always-clear-pertrans-metadata-during-commit.patch 
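Review bot: The comment inside bloom_map_alloc_check() says user space "won't be able to access the elements", but the commit message gives a different reason for the limit: value sizes that overflow an int crashed the kernel under syzkaller. A comment that states this, for example `/* larger value sizes overflow int-sized lengths and have crashed the kernel; reject them up front */`, would keep a later reader from relaxing the check. The `if` body is a multi-line comment plus a `return` with no braces; adding braces would make it harder to misread. The added selftest only asserts `fd < 0`, so it would still pass if map creation failed for some other reason; also checking that the error is E2BIG would pin the test to this check.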
@@ -0,0 +1,44 @@
+From 40dea1f1767d2717b8fb7ab72cc6214103ce0102 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 26 Mar 2024 12:01:28 -0700
+Subject: btrfs: always clear PERTRANS metadata during commit
+
+From: Boris Burkov
+
+[ Upstream commit 6e68de0bb0ed59e0554a0c15ede7308c47351e2d ]
+
+It is possible to clear a root's IN_TRANS tag from the radix tree, but
+not clear its PERTRANS, if there is some error in between. Eliminate
+that possibility by moving the free up to where we clear the tag.
+
+Reviewed-by: Qu Wenruo
+Signed-off-by: Boris Burkov
+Signed-off-by: David Sterba
+Signed-off-by: Sasha Levin
+---
+ fs/btrfs/transaction.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c
+index 457ec7d02a9ac..0548072c642fb 100644
+--- a/fs/btrfs/transaction.c
++++ b/fs/btrfs/transaction.c
+@@ -1449,6 +1449,7 @@ static noinline int commit_fs_roots(struct btrfs_trans_handle *trans)
+ radix_tree_tag_clear(&fs_info->fs_roots_radix,
+ (unsigned long)root->root_key.objectid,
+ BTRFS_ROOT_TRANS_TAG);
++ btrfs_qgroup_free_meta_all_pertrans(root);
+ spin_unlock(&fs_info->fs_roots_radix_lock);
+
+ btrfs_free_log(trans, root);
+@@ -1473,7 +1474,6 @@ static noinline int commit_fs_roots(struct btrfs_trans_handle *trans)
+ if (ret2)
+ return ret2;
+ spin_lock(&fs_info->fs_roots_radix_lock);
+- btrfs_qgroup_free_meta_all_pertrans(root);
+ }
+ }
+ spin_unlock(&fs_info->fs_roots_radix_lock);
+--
+2.43.0
+
diff --git a/queue-6.6/btrfs-make-btrfs_clear_delalloc_extent-free-delalloc.patch b/queue-6.6/btrfs-make-btrfs_clear_delalloc_extent-free-delalloc.patch
new file mode 100644
index 00000000000..e5d70717fc9
--- /dev/null
+++ b/queue-6.6/btrfs-make-btrfs_clear_delalloc_extent-free-delalloc.patch
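Review bot: The moved `btrfs_qgroup_free_meta_all_pertrans(root);` in commit_fs_roots() has no comment saying why it must sit next to radix_tree_tag_clear(), although that ordering is the whole fix. A short comment above it would keep a later cleanup from moving it back below the error returns, e.g. `/* Free PERTRANS together with the tag clear so an error return below cannot leave it reserved. */`. The call still runs under fs_roots_radix_lock, as it did at its old position right after the spin_lock(). commit_fs_roots() starts and ends outside both hunks.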
@@ -0,0 +1,41 @@
+From ac2a8ed7f1b4e3bafa87c1f9bb0377cef79f7c08 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 26 Mar 2024 11:55:22 -0700
+Subject: btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve
+
+From: Boris Burkov
+
+[ Upstream commit 3c6f0c5ecc8910d4ffb0dfe85609ebc0c91c8f34 ]
+
+Currently, this call site in btrfs_clear_delalloc_extent() only converts
+the reservation. We are marking it not delalloc, so I don't think it
+makes sense to keep the rsv around. This is a path where we are not
+sure to join a transaction, so it leads to incorrect free-ing during
+umount.
+
+Helps with the pass rate of generic/269 and generic/475.
+
+Reviewed-by: Qu Wenruo
+Signed-off-by: Boris Burkov
+Signed-off-by: David Sterba
+Signed-off-by: Sasha Levin
+---
+ fs/btrfs/inode.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
+index 33d0efa5ed794..5ddee801a8303 100644
+--- a/fs/btrfs/inode.c
++++ b/fs/btrfs/inode.c
+@@ -2510,7 +2510,7 @@ void btrfs_clear_delalloc_extent(struct btrfs_inode *inode,
+ */
+ if (bits & EXTENT_CLEAR_META_RESV &&
+ root != fs_info->tree_root)
+- btrfs_delalloc_release_metadata(inode, len, false);
++ btrfs_delalloc_release_metadata(inode, len, true);
+
+ /* For sanity tests. */
+ if (btrfs_is_testing(fs_info))
+--
+2.43.0
+
diff --git a/queue-6.6/btrfs-return-accurate-error-code-on-open-failure-in-.patch b/queue-6.6/btrfs-return-accurate-error-code-on-open-failure-in-.patch
new file mode 100644
index 00000000000..399635102ab
--- /dev/null
+++ b/queue-6.6/btrfs-return-accurate-error-code-on-open-failure-in-.patch
@@ -0,0 +1,74 @@
+From 58bb56f574a7c067773f70cc4de815e8b38fca52 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 19 Mar 2024 08:28:18 +0530
+Subject: btrfs: return accurate error code on open failure in
+ open_fs_devices()
+
+From: Anand Jain
+
+[ Upstream commit 2f1aeab9fca1a5f583be1add175d1ee95c213cfa ]
+
+When attempting to exclusive open a device which has no exclusive open
+permission, such as a physical device associated with the flakey dm
+device, the open operation will fail, resulting in a mount failure.
+
+In this particular scenario, we erroneously return -EINVAL instead of the
+correct error code provided by the bdev_open_by_path() function, which is
+-EBUSY.
+
+Fix this, by returning error code from the bdev_open_by_path() function.
+With this correction, the mount error message will align with that of
+ext4 and xfs.
+
+Reviewed-by: Boris Burkov
+Signed-off-by: Anand Jain
+Reviewed-by: David Sterba
+Signed-off-by: David Sterba
+Signed-off-by: Sasha Levin
+---
+ fs/btrfs/volumes.c | 17 ++++++++++++-----
+ 1 file changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
+index 453d037987fb3..d0bbb05d4c081 100644
+--- a/fs/btrfs/volumes.c
++++ b/fs/btrfs/volumes.c
+@@ -1224,23 +1224,30 @@ static int open_fs_devices(struct btrfs_fs_devices *fs_devices,
+ struct btrfs_device *device;
+ struct btrfs_device *latest_dev = NULL;
+ struct btrfs_device *tmp_device;
++ int ret = 0;
+
+ list_for_each_entry_safe(device, tmp_device, &fs_devices->devices,
+ dev_list) {
+- int ret;
++ int ret2;
+
+- ret = btrfs_open_one_device(fs_devices, device, flags, holder);
+- if (ret == 0 &&
++ ret2 = btrfs_open_one_device(fs_devices, device, flags, holder);
++ if (ret2 == 0 &&
+ (!latest_dev || device->generation > latest_dev->generation)) {
+ latest_dev = device;
+- } else if (ret == -ENODATA) {
++ } else if (ret2 == -ENODATA) {
+ fs_devices->num_devices--;
+ list_del(&device->dev_list);
+ btrfs_free_device(device);
+ }
++ if (ret == 0 && ret2 != 0)
++ ret = ret2;
+ }
+- if (fs_devices->open_devices == 0)
++
++ if (fs_devices->open_devices == 0) {
++ if (ret)
++ return ret;
+ return -EINVAL;
++ }
+
+ fs_devices->opened = 1;
+ fs_devices->latest_dev = latest_dev;
+--
+2.43.0
+
diff --git a/queue-6.6/clk-don-t-hold-prepare_lock-when-calling-kref_put.patch b/queue-6.6/clk-don-t-hold-prepare_lock-when-calling-kref_put.patch
new file mode 100644
index 00000000000..db742c6fc78
--- /dev/null
+++ b/queue-6.6/clk-don-t-hold-prepare_lock-when-calling-kref_put.patch
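Review bot: The new `if (ret == 0 && ret2 != 0)` in open_fs_devices() also records -ENODATA, which the branch just above treats as a handled case by dropping the device from the list. If such a device comes first and no device ends up open, the function now returns -ENODATA rather than the open error the commit message is about or the previous -EINVAL. If that is not intended, exclude it with `if (ret == 0 && ret2 != 0 && ret2 != -ENODATA)`; if it is intended, a comment saying that the first failure of any kind wins would help. The function continues past the end of the hunk.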
@@ -0,0 +1,71 @@
+From 99a1025e032f3f6883ba6d5619e533eac10c682f Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 25 Mar 2024 11:41:56 -0700
+Subject: clk: Don't hold prepare_lock when calling kref_put()
+
+From: Stephen Boyd
+
+[ Upstream commit 6f63af7511e7058f3fa4ad5b8102210741c9f947 ]
+
+We don't need to hold the prepare_lock when dropping a ref on a struct
+clk_core. The release function is only freeing memory and any code with
+a pointer reference has already unlinked anything pointing to the
+clk_core. This reduces the holding area of the prepare_lock a bit.
+
+Note that we also don't call free_clk() with the prepare_lock held.
+There isn't any reason to do that.
+
+Reviewed-by: Douglas Anderson
+Signed-off-by: Stephen Boyd
+Link: https://lore.kernel.org/r/20240325184204.745706-3-sboyd@kernel.org
+Signed-off-by: Sasha Levin
+---
+ drivers/clk/clk.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c
+index 4a67c0d4823cf..f8776065ad1f1 100644
+--- a/drivers/clk/clk.c
++++ b/drivers/clk/clk.c
+@@ -4523,7 +4523,8 @@ void clk_unregister(struct clk *clk)
+ if (ops == &clk_nodrv_ops) {
+ pr_err("%s: unregistered clock: %s\n", __func__,
+ clk->core->name);
+- goto unlock;
++ clk_prepare_unlock();
++ return;
+ }
+ /*
+ * Assign empty clock ops for consumers that might still hold
+@@ -4557,11 +4558,10 @@ void clk_unregister(struct clk *clk)
+ if (clk->core->protect_count)
+ pr_warn("%s: unregistering protected clock: %s\n",
+ __func__, clk->core->name);
++ clk_prepare_unlock();
+
+ kref_put(&clk->core->ref, __clk_release);
+ free_clk(clk);
+-unlock:
+- clk_prepare_unlock();
+ }
+ EXPORT_SYMBOL_GPL(clk_unregister);
+
+@@ -4720,13 +4720,11 @@ void __clk_put(struct clk *clk)
+ if (clk->min_rate > 0 || clk->max_rate < ULONG_MAX)
+ clk_set_rate_range_nolock(clk, 0, ULONG_MAX);
+
+- owner = clk->core->owner;
+- kref_put(&clk->core->ref, __clk_release);
+-
+ clk_prepare_unlock();
+
++ owner = clk->core->owner;
++ kref_put(&clk->core->ref, __clk_release);
+ module_put(owner);
+-
+ free_clk(clk);
+ }
+
+--
+2.43.0
+
diff --git a/queue-6.6/drivers-hv-vmbus-don-t-free-ring-buffers-that-couldn.patch b/queue-6.6/drivers-hv-vmbus-don-t-free-ring-buffers-that-couldn.patch
new file mode 100644
index 00000000000..ed56c1bbd9e
--- /dev/null
+++ b/queue-6.6/drivers-hv-vmbus-don-t-free-ring-buffers-that-couldn.patch
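Review bot: Dropping the reference outside prepare_lock in clk_unregister() and __clk_put() depends on __clk_release() doing nothing but freeing memory, which is stated in the commit message and nowhere in the code. A comment at the two kref_put() calls would keep that invariant visible to whoever next touches the release function, e.g. `/* __clk_release() only frees memory, so prepare_lock is not needed here */`. In __clk_put() `owner` is now read from clk->core after the unlock, which holds only while this clk still owns its reference, i.e. up to the kref_put() on the following line. Both functions start outside their hunks.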
@@ -0,0 +1,50 @@
+From 6cefd6bc33a02c8f56e713f2cb3a65da052c0a7c Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 11 Mar 2024 09:15:58 -0700
+Subject: Drivers: hv: vmbus: Don't free ring buffers that couldn't be
+ re-encrypted
+
+From: Michael Kelley
+
+[ Upstream commit 30d18df6567be09c1433e81993e35e3da573ac48 ]
+
+In CoCo VMs it is possible for the untrusted host to cause
+set_memory_encrypted() or set_memory_decrypted() to fail such that an
+error is returned and the resulting memory is shared. Callers need to
+take care to handle these errors to avoid returning decrypted (shared)
+memory to the page allocator, which could lead to functional or security
+issues.
+
+The VMBus ring buffer code could free decrypted/shared pages if
+set_memory_decrypted() fails. Check the decrypted field in the struct
+vmbus_gpadl for the ring buffers to decide whether to free the memory.
+
+Signed-off-by: Michael Kelley
+Reviewed-by: Kuppuswamy Sathyanarayanan
+Acked-by: Kirill A. Shutemov
+Link: https://lore.kernel.org/r/20240311161558.1310-6-mhklinux@outlook.com
+Signed-off-by: Wei Liu
+Message-ID: <20240311161558.1310-6-mhklinux@outlook.com>
+Signed-off-by: Sasha Levin
+---
+ drivers/hv/channel.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c
+index bb5abdcda18f8..47e1bd8de9fcf 100644
+--- a/drivers/hv/channel.c
++++ b/drivers/hv/channel.c
+@@ -153,7 +153,9 @@ void vmbus_free_ring(struct vmbus_channel *channel)
+ hv_ringbuffer_cleanup(&channel->inbound);
+
+ if (channel->ringbuffer_page) {
+- __free_pages(channel->ringbuffer_page,
++ /* In a CoCo VM leak the memory if it didn't get re-encrypted */
++ if (!channel->ringbuffer_gpadlhandle.decrypted)
++ __free_pages(channel->ringbuffer_page,
+ get_order(channel->ringbuffer_pagecount
+ << PAGE_SHIFT));
+ channel->ringbuffer_page = NULL;
+--
+2.43.0
+
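Review bot: When `ringbuffer_gpadlhandle.decrypted` is set, vmbus_free_ring() now leaks the pages without leaving any trace, so nothing in the log shows that re-encryption failed or that memory was given up. A rate-limited message on the leak path would make this observable, e.g. `else pr_warn_ratelimited("vmbus: leaking ring buffer pages that were not re-encrypted\n");`; a WARN is probably the wrong tool, since the commit message says the host can cause the condition. The same silent leak applies to the monitor pages handled in vmbus_connect() and vmbus_disconnect() by the next patch in this queue. vmbus_free_ring() starts and ends outside the hunk.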
diff --git a/queue-6.6/drivers-hv-vmbus-leak-pages-if-set_memory_encrypted-.patch b/queue-6.6/drivers-hv-vmbus-leak-pages-if-set_memory_encrypted-.patch
new file mode 100644
index 00000000000..53a3edb5798
--- /dev/null
+++ b/queue-6.6/drivers-hv-vmbus-leak-pages-if-set_memory_encrypted-.patch
@@ -0,0 +1,83 @@
+From c0995ee6334a3cba8f54d2e195dd619ba84effe5 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 11 Mar 2024 09:15:54 -0700
+Subject: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails
+
+From: Rick Edgecombe
+
+[ Upstream commit 03f5a999adba062456c8c818a683beb1b498983a ]
+
+In CoCo VMs it is possible for the untrusted host to cause
+set_memory_encrypted() or set_memory_decrypted() to fail such that an
+error is returned and the resulting memory is shared. Callers need to
+take care to handle these errors to avoid returning decrypted (shared)
+memory to the page allocator, which could lead to functional or security
+issues.
+
+VMBus code could free decrypted pages if set_memory_encrypted()/decrypted()
+fails. Leak the pages if this happens.
+
+Signed-off-by: Rick Edgecombe
+Signed-off-by: Michael Kelley
+Reviewed-by: Kuppuswamy Sathyanarayanan
+Acked-by: Kirill A. Shutemov
+Link: https://lore.kernel.org/r/20240311161558.1310-2-mhklinux@outlook.com
+Signed-off-by: Wei Liu
+Message-ID: <20240311161558.1310-2-mhklinux@outlook.com>
+Signed-off-by: Sasha Levin
+---
+ drivers/hv/connection.c | 29 ++++++++++++++++++++++-------
+ 1 file changed, 22 insertions(+), 7 deletions(-)
+
+diff --git a/drivers/hv/connection.c b/drivers/hv/connection.c
+index 3cabeeabb1cac..f001ae880e1db 100644
+--- a/drivers/hv/connection.c
++++ b/drivers/hv/connection.c
+@@ -237,8 +237,17 @@ int vmbus_connect(void)
+ vmbus_connection.monitor_pages[0], 1);
+ ret |= set_memory_decrypted((unsigned long)
+ vmbus_connection.monitor_pages[1], 1);
+- if (ret)
++ if (ret) {
++ /*
++ * If set_memory_decrypted() fails, the encryption state
++ * of the memory is unknown. So leak the memory instead
++ * of risking returning decrypted memory to the free list.
++ * For simplicity, always handle both pages the same.
++ */
++ vmbus_connection.monitor_pages[0] = NULL;
++ vmbus_connection.monitor_pages[1] = NULL;
+ goto cleanup;
++ }
+
+ /*
+ * Set_memory_decrypted() will change the memory contents if
+@@ -337,13 +346,19 @@ void vmbus_disconnect(void)
+ vmbus_connection.int_page = NULL;
+ }
+
+- set_memory_encrypted((unsigned long)vmbus_connection.monitor_pages[0], 1);
+- set_memory_encrypted((unsigned long)vmbus_connection.monitor_pages[1], 1);
++ if (vmbus_connection.monitor_pages[0]) {
++ if (!set_memory_encrypted(
++ (unsigned long)vmbus_connection.monitor_pages[0], 1))
++ hv_free_hyperv_page(vmbus_connection.monitor_pages[0]);
++ vmbus_connection.monitor_pages[0] = NULL;
++ }
+
+- hv_free_hyperv_page(vmbus_connection.monitor_pages[0]);
+- hv_free_hyperv_page(vmbus_connection.monitor_pages[1]);
+- vmbus_connection.monitor_pages[0] = NULL;
+- vmbus_connection.monitor_pages[1] = NULL;
++ if (vmbus_connection.monitor_pages[1]) {
++ if (!set_memory_encrypted(
++ (unsigned long)vmbus_connection.monitor_pages[1], 1))
++ hv_free_hyperv_page(vmbus_connection.monitor_pages[1]);
++ vmbus_connection.monitor_pages[1] = NULL;
++ }
+ }
+
+ /*
+--
+2.43.0
+
diff --git a/queue-6.6/drivers-hv-vmbus-track-decrypted-status-in-vmbus_gpa.patch b/queue-6.6/drivers-hv-vmbus-track-decrypted-status-in-vmbus_gpa.patch
new file mode 100644
index 00000000000..e4189e9351b
--- /dev/null
+++ b/queue-6.6/drivers-hv-vmbus-track-decrypted-status-in-vmbus_gpa.patch
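Review bot: In vmbus_connect() the second result is still merged with `ret |= set_memory_decrypted(...)`, so when both calls fail with different codes the value that reaches `goto cleanup` is the bitwise OR of two negative errnos and names neither failure. Since the new block already treats any failure as fatal for both pages, the second call can be sequenced instead: `if (!ret) ret = set_memory_decrypted((unsigned long)vmbus_connection.monitor_pages[1], 1);`. Whether `ret` is what the cleanup path hands back to the caller is not visible here. vmbus_connect() and vmbus_disconnect() both extend beyond their hunks.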
@@ -0,0 +1,102 @@
+From a14d83473afa854c847fd93a979e434840f3e668 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 11 Mar 2024 09:15:55 -0700
+Subject: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl
+
+From: Rick Edgecombe
+
+[ Upstream commit 211f514ebf1ef5de37b1cf6df9d28a56cfd242ca ]
+
+In CoCo VMs it is possible for the untrusted host to cause
+set_memory_encrypted() or set_memory_decrypted() to fail such that an
+error is returned and the resulting memory is shared. Callers need to
+take care to handle these errors to avoid returning decrypted (shared)
+memory to the page allocator, which could lead to functional or security
+issues.
+
+In order to make sure callers of vmbus_establish_gpadl() and
+vmbus_teardown_gpadl() don't return decrypted/shared pages to
+allocators, add a field in struct vmbus_gpadl to keep track of the
+decryption status of the buffers. This will allow the callers to
+know if they should free or leak the pages.
+
+Signed-off-by: Rick Edgecombe
+Signed-off-by: Michael Kelley
+Reviewed-by: Kuppuswamy Sathyanarayanan
+Acked-by: Kirill A. Shutemov
+Link: https://lore.kernel.org/r/20240311161558.1310-3-mhklinux@outlook.com
+Signed-off-by: Wei Liu
+Message-ID: <20240311161558.1310-3-mhklinux@outlook.com>
+Signed-off-by: Sasha Levin
+---
+ drivers/hv/channel.c | 25 +++++++++++++++++++++----
+ include/linux/hyperv.h | 1 +
+ 2 files changed, 22 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c
+index 56f7e06c673e4..bb5abdcda18f8 100644
+--- a/drivers/hv/channel.c
++++ b/drivers/hv/channel.c
+@@ -472,9 +472,18 @@ static int __vmbus_establish_gpadl(struct vmbus_channel *channel,
+ (atomic_inc_return(&vmbus_connection.next_gpadl_handle) - 1);
+
+ ret = create_gpadl_header(type, kbuffer, size, send_offset, &msginfo);
+- if (ret)
++ if (ret) {
++ gpadl->decrypted = false;
+ return ret;
++ }
+
++ /*
++ * Set the "decrypted" flag to true for the set_memory_decrypted()
++ * success case. In the failure case, the encryption state of the
++ * memory is unknown. Leave "decrypted" as true to ensure the
++ * memory will be leaked instead of going back on the free list.
++ */
++ gpadl->decrypted = true;
+ ret = set_memory_decrypted((unsigned long)kbuffer,
+ PFN_UP(size));
+ if (ret) {
+@@ -563,9 +572,15 @@ static int __vmbus_establish_gpadl(struct vmbus_channel *channel,
+
+ kfree(msginfo);
+
+- if (ret)
+- set_memory_encrypted((unsigned long)kbuffer,
+- PFN_UP(size));
++ if (ret) {
++ /*
++ * If set_memory_encrypted() fails, the decrypted flag is
++ * left as true so the memory is leaked instead of being
++ * put back on the free list.
++ */
++ if (!set_memory_encrypted((unsigned long)kbuffer, PFN_UP(size)))
++ gpadl->decrypted = false;
++ }
+
+ return ret;
+ }
+@@ -886,6 +901,8 @@ int vmbus_teardown_gpadl(struct vmbus_channel *channel, struct vmbus_gpadl *gpad
+ if (ret)
+ pr_warn("Fail to set mem host visibility in GPADL teardown %d.\n", ret);
+
++ gpadl->decrypted = ret;
++
+ return ret;
+ }
+ EXPORT_SYMBOL_GPL(vmbus_teardown_gpadl);
+diff --git a/include/linux/hyperv.h b/include/linux/hyperv.h
+index 6ef0557b4bff8..96ceb4095425e 100644
+--- a/include/linux/hyperv.h
++++ b/include/linux/hyperv.h
+@@ -832,6 +832,7 @@ struct vmbus_gpadl {
+ u32 gpadl_handle;
+ u32 size;
+ void *buffer;
++ bool decrypted;
+ };
+
+ struct vmbus_channel {
+--
+2.43.0
+
diff --git a/queue-6.6/drm-amd-display-skip-on-writeback-when-it-s-not-appl.patch b/queue-6.6/drm-amd-display-skip-on-writeback-when-it-s-not-appl.patch
new file mode 100644
index 00000000000..802a930acc1
--- /dev/null
+++ b/queue-6.6/drm-amd-display-skip-on-writeback-when-it-s-not-appl.patch
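Review bot: `gpadl->decrypted = ret;` in vmbus_teardown_gpadl() stores an int error code in the new bool and relies on the implicit conversion to mean "re-encryption failed, keep the pages leaked". Because callers use this flag to choose between freeing and leaking, the intent is better spelled out as `gpadl->decrypted = (ret != 0);` with a comment such as `/* still shared with the host if re-encryption failed */`. Any earlier return in vmbus_teardown_gpadl() that skips this line leaves the flag at its previous value; those paths are outside the hunk and worth checking. The new `bool decrypted;` member of struct vmbus_gpadl also has no comment saying who sets it and who reads it.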
@@ -0,0 +1,66 @@
+From 963007fcbd7890834c9672061c36f423647542fb Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 15 Mar 2024 21:25:25 -0600
+Subject: drm/amd/display: Skip on writeback when it's not applicable
+
+From: Alex Hung
+
+[ Upstream commit ecedd99a9369fb5cde601ae9abd58bca2739f1ae ]
+
+[WHY]
+dynamic memory safety error detector (KASAN) catches and generates error
+messages "BUG: KASAN: slab-out-of-bounds" as writeback connector does not
+support certain features which are not initialized.
+
+[HOW]
+Skip them when connector type is DRM_MODE_CONNECTOR_WRITEBACK.
+
+Link: https://gitlab.freedesktop.org/drm/amd/-/issues/3199
+Reviewed-by: Harry Wentland
+Reviewed-by: Rodrigo Siqueira
+Acked-by: Roman Li
+Signed-off-by: Alex Hung
+Signed-off-by: Alex Deucher
+Signed-off-by: Sasha Levin
+---
+ drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+index 3442e08f47876..98dd07e3726af 100644
+--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+@@ -2974,6 +2974,10 @@ static int dm_resume(void *handle)
+ /* Do mst topology probing after resuming cached state*/
+ drm_connector_list_iter_begin(ddev, &iter);
+ drm_for_each_connector_iter(connector, &iter) {
++
++ if (connector->connector_type == DRM_MODE_CONNECTOR_WRITEBACK)
++ continue;
++
+ aconnector = to_amdgpu_dm_connector(connector);
+ if (aconnector->dc_link->type != dc_connection_mst_branch ||
+ aconnector->mst_root)
+@@ -5756,6 +5760,9 @@ get_highest_refresh_rate_mode(struct amdgpu_dm_connector *aconnector,
+ &aconnector->base.probed_modes :
+ &aconnector->base.modes;
+
++ if (aconnector->base.connector_type == DRM_MODE_CONNECTOR_WRITEBACK)
++ return NULL;
++
+ if (aconnector->freesync_vid_base.clock != 0)
+ return &aconnector->freesync_vid_base;
+
+@@ -8445,6 +8452,9 @@ static void amdgpu_dm_commit_audio(struct drm_device *dev,
+ continue;
+
+ notify:
++ if (connector->connector_type == DRM_MODE_CONNECTOR_WRITEBACK)
++ continue;
++
+ aconnector = to_amdgpu_dm_connector(connector);
+
+ mutex_lock(&adev->dm.audio_lock);
+--
+2.43.0
+
diff --git a/queue-6.6/drm-amdgpu-fix-vcn-allocation-in-cpx-partition.patch b/queue-6.6/drm-amdgpu-fix-vcn-allocation-in-cpx-partition.patch
new file mode 100644
index 00000000000..52e1b1b5bec
--- /dev/null
+++ b/queue-6.6/drm-amdgpu-fix-vcn-allocation-in-cpx-partition.patch
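Review bot: The `connector_type == DRM_MODE_CONNECTOR_WRITEBACK` guard is open-coded at three places (dm_resume(), get_highest_refresh_rate_mode(), amdgpu_dm_commit_audio()) with no comment, so nothing tells the next reader why the to_amdgpu_dm_connector() cast must be skipped there or that other call sites may need the same check. A comment on each guard would record it, e.g. `/* writeback connectors are not amdgpu_dm_connector objects; do not cast */`, presumably the reason behind the KASAN report quoted in the commit message. In get_highest_refresh_rate_mode() the cast has already happened in the caller, so the guard only protects the field reads below it. Whether other loops in the file need the check cannot be seen from these hunks, and all three functions extend beyond them.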
@@ -0,0 +1,67 @@
+From c50b9fb789a3e9afa48a282e3a420a2e032cdb4f Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 6 Mar 2024 17:05:07 +0530
+Subject: drm/amdgpu: Fix VCN allocation in CPX partition
+
+From: Lijo Lazar
+
+[ Upstream commit f7e232de51bb1b45646e5b7dc4ebcf13510f2630 ]
+
+VCN need not be shared in CPX mode always for all GFX 9.4.3 SOC SKUs. In
+certain configs, VCN instance can be exclusively allocated to a
+partition even under CPX mode.
+
+Signed-off-by: Lijo Lazar
+Reviewed-by: James Zhu
+Reviewed-by: Asad Kamal
+Acked-by: Alex Deucher
+Signed-off-by: Alex Deucher
+Signed-off-by: Sasha Levin
+---
+ drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 15 +++++++++++----
+ 1 file changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c b/drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c
+index d0fc62784e821..0284c9198a04a 100644
+--- a/drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c
++++ b/drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c
+@@ -61,6 +61,11 @@ void aqua_vanjaram_doorbell_index_init(struct amdgpu_device *adev)
+ adev->doorbell_index.max_assignment = AMDGPU_DOORBELL_LAYOUT1_MAX_ASSIGNMENT << 1;
+ }
+
++static bool aqua_vanjaram_xcp_vcn_shared(struct amdgpu_device *adev)
++{
++ return (adev->xcp_mgr->num_xcps > adev->vcn.num_vcn_inst);
++}
++
+ static void aqua_vanjaram_set_xcp_id(struct amdgpu_device *adev,
+ uint32_t inst_idx, struct amdgpu_ring *ring)
+ {
+@@ -86,7 +91,7 @@ static void aqua_vanjaram_set_xcp_id(struct amdgpu_device *adev,
+ case AMDGPU_RING_TYPE_VCN_ENC:
+ case AMDGPU_RING_TYPE_VCN_JPEG:
+ ip_blk = AMDGPU_XCP_VCN;
+- if (adev->xcp_mgr->mode == AMDGPU_CPX_PARTITION_MODE)
++ if (aqua_vanjaram_xcp_vcn_shared(adev))
+ inst_mask = 1 << (inst_idx * 2);
+ break;
+ default:
+@@ -139,10 +144,12 @@ static int aqua_vanjaram_xcp_sched_list_update(
+
+ aqua_vanjaram_xcp_gpu_sched_update(adev, ring, ring->xcp_id);
+
+- /* VCN is shared by two partitions under CPX MODE */
++ /* VCN may be shared by two partitions under CPX MODE in certain
++ * configs.
++ */
+ if ((ring->funcs->type == AMDGPU_RING_TYPE_VCN_ENC ||
+- ring->funcs->type == AMDGPU_RING_TYPE_VCN_JPEG) &&
+- adev->xcp_mgr->mode == AMDGPU_CPX_PARTITION_MODE)
++ ring->funcs->type == AMDGPU_RING_TYPE_VCN_JPEG) &&
++ aqua_vanjaram_xcp_vcn_shared(adev))
+ aqua_vanjaram_xcp_gpu_sched_update(adev, ring, ring->xcp_id + 1);
+ }
+
+--
+2.43.0
+
diff --git a/queue-6.6/drm-amdgpu-implement-irq_state_enable-for-sdma-v4.4..patch b/queue-6.6/drm-amdgpu-implement-irq_state_enable-for-sdma-v4.4..patch
new file mode 100644
index 00000000000..f82f58fc8bb
--- /dev/null
+++ b/queue-6.6/drm-amdgpu-implement-irq_state_enable-for-sdma-v4.4..patch
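Review bot: aqua_vanjaram_xcp_vcn_shared() replaces an explicit partition-mode test with `num_xcps > num_vcn_inst` but has no comment explaining why that comparison means a VCN instance is shared. One line above the helper would do, e.g. `/* VCN is shared when there are more partitions than VCN instances */`. The helper only reads through `adev`, so the parameter could be `const struct amdgpu_device *adev`. It dereferences `adev->xcp_mgr` unconditionally, as the replaced code did; whether xcp_mgr can be NULL on these paths is not visible in the hunks.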
@@ -0,0 +1,51 @@
+From 9750d903e676890cfebfde3ad68df965dff6b727 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Thu, 28 Mar 2024 18:22:10 +0800
+Subject: drm/amdgpu: implement IRQ_STATE_ENABLE for SDMA v4.4.2
+
+From: Tao Zhou
+
+[ Upstream commit f886b49feaae30acd599e37d4284836024b0f3ed ]
+
+SDMA_CNTL is not set in some cases, driver configures it by itself.
+
+v2: simplify code
+
+Signed-off-by: Tao Zhou
+Reviewed-by: Hawking Zhang
+Signed-off-by: Alex Deucher
+Signed-off-by: Sasha Levin
+---
+ drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 16 +++-------------
+ 1 file changed, 3 insertions(+), 13 deletions(-)
+
+diff --git a/drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c b/drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c
+index e76e7e7cb554e..4e8d5e6a65e41 100644
+--- a/drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c
++++ b/drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c
+@@ -1613,19 +1613,9 @@ static int sdma_v4_4_2_set_ecc_irq_state(struct amdgpu_device *adev,
+ u32 sdma_cntl;
+
+ sdma_cntl = RREG32_SDMA(type, regSDMA_CNTL);
+- switch (state) {
+- case AMDGPU_IRQ_STATE_DISABLE:
+- sdma_cntl = REG_SET_FIELD(sdma_cntl, SDMA_CNTL,
+- DRAM_ECC_INT_ENABLE, 0);
+- WREG32_SDMA(type, regSDMA_CNTL, sdma_cntl);
+- break;
+- /* sdma ecc interrupt is enabled by default
+- * driver doesn't need to do anything to
+- * enable the interrupt */
+- case AMDGPU_IRQ_STATE_ENABLE:
+- default:
+- break;
+- }
++ sdma_cntl = REG_SET_FIELD(sdma_cntl, SDMA_CNTL, DRAM_ECC_INT_ENABLE,
++ state == AMDGPU_IRQ_STATE_ENABLE ? 1 : 0);
++ WREG32_SDMA(type, regSDMA_CNTL, sdma_cntl);
+
+ return 0;
+ }
+--
+2.43.0
+
diff --git a/queue-6.6/drm-amdgpu-refine-ib-schedule-error-logging.patch b/queue-6.6/drm-amdgpu-refine-ib-schedule-error-logging.patch
new file mode 100644
index 00000000000..80b8294a4ba
--- /dev/null
+++ b/queue-6.6/drm-amdgpu-refine-ib-schedule-error-logging.patch
@@ -0,0 +1,49 @@
+From 8a7dcc8768c8966ce757de17868adb5a4a0a6515 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Thu, 21 Mar 2024 17:46:36 +0530
+Subject: drm/amdgpu: Refine IB schedule error logging
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Lijo Lazar
+
+[ Upstream commit 4b18a91faf1752f9bd69a4ed3aed2c8f6e5b0528 ]
+
+Downgrade to debug information when IBs are skipped. Also, use dev_* to
+identify the device.
+
+Signed-off-by: Lijo Lazar
+Reviewed-by: Christian König
+Reviewed-by: Asad Kamal
+Signed-off-by: Alex Deucher
+Signed-off-by: Sasha Levin
+---
+ drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c
+index 78476bc75b4e1..de9d7f3dc2336 100644
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c
+@@ -300,12 +300,15 @@ static struct dma_fence *amdgpu_job_run(struct drm_sched_job *sched_job)
+ dma_fence_set_error(finished, -ECANCELED);
+
+ if (finished->error < 0) {
+- DRM_INFO("Skip scheduling IBs!\n");
++ dev_dbg(adev->dev, "Skip scheduling IBs in ring(%s)",
++ ring->name);
+ } else {
+ r = amdgpu_ib_schedule(ring, job->num_ibs, job->ibs, job,
+ &fence);
+ if (r)
+- DRM_ERROR("Error scheduling IBs (%d)\n", r);
++ dev_err(adev->dev,
++ "Error scheduling IBs (%d) in ring(%s)", r,
++ ring->name);
+ }
+
+ job->job_run_counter++;
+--
+2.43.0
+
diff --git a/queue-6.6/drm-amdkfd-check-cgroup-when-returning-dmabuf-info.patch b/queue-6.6/drm-amdkfd-check-cgroup-when-returning-dmabuf-info.patch
new file mode 100644
index 00000000000..b833dfcc480
--- /dev/null
+++ b/queue-6.6/drm-amdkfd-check-cgroup-when-returning-dmabuf-info.patch
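Review bot: Both new format strings in amdgpu_job_run() dropped the trailing newline that the replaced DRM_INFO/DRM_ERROR strings had: `"Skip scheduling IBs in ring(%s)"` and `"Error scheduling IBs (%d) in ring(%s)"`. Kernel log messages are expected to end in `\n`, so append it to both, e.g. `"Error scheduling IBs (%d) in ring(%s)\n"`. Separately, skipped IBs are now reported at debug level only, so a cancelled job no longer shows up in a default log; worth confirming that no triage procedure relies on that line. amdgpu_job_run() extends beyond the hunk.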
@@ -0,0 +1,46 @@
+From a768aa51778d00f0c115b27228620bb082179f90 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 12 Feb 2024 10:40:55 -0500
+Subject: drm/amdkfd: Check cgroup when returning DMABuf info
+
+From: Mukul Joshi
+
+[ Upstream commit 9d7993a7ab9651afd5fb295a4992e511b2b727aa ]
+
+Check cgroup permissions when returning DMA-buf info and
+based on cgroup info return the GPU id of the GPU that have
+access to the BO.
+
+Signed-off-by: Mukul Joshi
+Reviewed-by: Felix Kuehling
+Signed-off-by: Alex Deucher
+Signed-off-by: Sasha Levin
+---
+ drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c
+index c157721214e8d..505a9078bc157 100644
+--- a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c
++++ b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c
+@@ -1516,7 +1516,7 @@ static int kfd_ioctl_get_dmabuf_info(struct file *filep,
+
+ /* Find a KFD GPU device that supports the get_dmabuf_info query */
+ for (i = 0; kfd_topology_enum_kfd_devices(i, &dev) == 0; i++)
+- if (dev)
++ if (dev && !kfd_devcgroup_check_permission(dev))
+ break;
+ if (!dev)
+ return -EINVAL;
+@@ -1538,7 +1538,7 @@ static int kfd_ioctl_get_dmabuf_info(struct file *filep,
+ if (xcp_id >= 0)
+ args->gpu_id = dmabuf_adev->kfd.dev->nodes[xcp_id]->id;
+ else
+- args->gpu_id = dmabuf_adev->kfd.dev->nodes[0]->id;
++ args->gpu_id = dev->id;
+ args->flags = flags;
+
+ /* Copy metadata buffer to user mode */
+--
+2.43.0
+
diff --git a/queue-6.6/drm-amdkfd-range-check-cp-bad-op-exception-interrupt.patch b/queue-6.6/drm-amdkfd-range-check-cp-bad-op-exception-interrupt.patch
new file mode 100644
index 00000000000..1074b3fb1d2
--- /dev/null
+++ b/queue-6.6/drm-amdkfd-range-check-cp-bad-op-exception-interrupt.patch
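Review bot: The cgroup check added to the device search in kfd_ioctl_get_dmabuf_info() does not cover the `xcp_id >= 0` branch, which still returns `dmabuf_adev->kfd.dev->nodes[xcp_id]->id` without asking whether the caller's device cgroup allows that node. If a caller can hold a DMA-buf that belongs to a partition outside its cgroup, that branch still reports the id; a `kfd_devcgroup_check_permission(dmabuf_adev->kfd.dev->nodes[xcp_id])` test before the assignment would close it, with the error exit matched to the function's existing cleanup, which is outside the hunk. In the `else` branch `dev->id` is simply the first permitted device the loop found, not necessarily one tied to the buffer, so a comment confirming that this is intended would help. The post-loop `if (!dev)` test also depends on the enumerator clearing `dev` when it fails, which cannot be confirmed from here.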
@@ -0,0 +1,104 @@
+From ef1d808a900f2b8686bd05e994c9db3be1ed9316 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 1 Mar 2024 12:25:17 -0500
+Subject: drm/amdkfd: range check cp bad op exception interrupts
+
+From: Jonathan Kim
+
+[ Upstream commit 0cac183b98d8a8c692c98e8dba37df15a9e9210d ]
+
+Due to a CP interrupt bug, bad packet garbage exception codes are raised.
+Do a range check so that the debugger and runtime do not receive garbage
+codes.
+Update the user api to guard exception code type checking as well.
+
+Signed-off-by: Jonathan Kim
+Tested-by: Jesse Zhang
+Reviewed-by: Felix Kuehling
+Signed-off-by: Alex Deucher
+Signed-off-by: Sasha Levin
+---
+ .../gpu/drm/amd/amdkfd/kfd_int_process_v10.c | 3 ++-
+ .../gpu/drm/amd/amdkfd/kfd_int_process_v11.c | 3 ++-
+ drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c | 3 ++-
+ include/uapi/linux/kfd_ioctl.h | 17 ++++++++++++++---
+ 4 files changed, 20 insertions(+), 6 deletions(-)
+
+diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_int_process_v10.c b/drivers/gpu/drm/amd/amdkfd/kfd_int_process_v10.c
+index a7697ec8188e0..f85ca6cb90f56 100644
+--- a/drivers/gpu/drm/amd/amdkfd/kfd_int_process_v10.c
++++ b/drivers/gpu/drm/amd/amdkfd/kfd_int_process_v10.c
+@@ -336,7 +336,8 @@ static void event_interrupt_wq_v10(struct kfd_node *dev,
+ break;
+ }
+ kfd_signal_event_interrupt(pasid, context_id0 & 0x7fffff, 23);
+- } else if (source_id == SOC15_INTSRC_CP_BAD_OPCODE) {
++ } else if (source_id == SOC15_INTSRC_CP_BAD_OPCODE &&
++ KFD_DBG_EC_TYPE_IS_PACKET(KFD_DEBUG_CP_BAD_OP_ECODE(context_id0))) {
+ kfd_set_dbg_ev_from_interrupt(dev, pasid,
+ KFD_DEBUG_DOORBELL_ID(context_id0),
+ KFD_EC_MASK(KFD_DEBUG_CP_BAD_OP_ECODE(context_id0)),
+diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c b/drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c
+index 2a65792fd1162..3ca9c160da7c2 100644
+--- a/drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c
++++ b/drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c
+@@ -325,7 +325,8 @@ static void event_interrupt_wq_v11(struct kfd_node *dev,
+ /* CP */
+ if (source_id == SOC15_INTSRC_CP_END_OF_PIPE)
+ kfd_signal_event_interrupt(pasid, context_id0, 32);
+- else if (source_id == SOC15_INTSRC_CP_BAD_OPCODE)
++ else if (source_id == SOC15_INTSRC_CP_BAD_OPCODE &&
++ KFD_DBG_EC_TYPE_IS_PACKET(KFD_CTXID0_CP_BAD_OP_ECODE(context_id0)))
+ kfd_set_dbg_ev_from_interrupt(dev, pasid,
+ KFD_CTXID0_DOORBELL_ID(context_id0),
+ KFD_EC_MASK(KFD_CTXID0_CP_BAD_OP_ECODE(context_id0)),
+diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c b/drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c
+index 27cdaea405017..8a6729939ae55 100644
+--- a/drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c
++++ b/drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c
+@@ -385,7 +385,8 @@ static void event_interrupt_wq_v9(struct kfd_node *dev,
+ break;
+ }
+ kfd_signal_event_interrupt(pasid, sq_int_data, 24);
+- } else if (source_id == SOC15_INTSRC_CP_BAD_OPCODE) {
++ } else if (source_id == SOC15_INTSRC_CP_BAD_OPCODE &&
++ KFD_DBG_EC_TYPE_IS_PACKET(KFD_DEBUG_CP_BAD_OP_ECODE(context_id0))) {
+ kfd_set_dbg_ev_from_interrupt(dev, pasid,
+ KFD_DEBUG_DOORBELL_ID(context_id0),
+ KFD_EC_MASK(KFD_DEBUG_CP_BAD_OP_ECODE(context_id0)),
+diff --git a/include/uapi/linux/kfd_ioctl.h b/include/uapi/linux/kfd_ioctl.h
+index eeb2fdcbdcb70..cd924c959d732 100644
+--- a/include/uapi/linux/kfd_ioctl.h
++++ b/include/uapi/linux/kfd_ioctl.h
+@@ -909,14 +909,25 @@ enum kfd_dbg_trap_exception_code {
+ KFD_EC_MASK(EC_DEVICE_NEW))
+ #define KFD_EC_MASK_PROCESS (KFD_EC_MASK(EC_PROCESS_RUNTIME) | \
+ KFD_EC_MASK(EC_PROCESS_DEVICE_REMOVE))
++#define KFD_EC_MASK_PACKET (KFD_EC_MASK(EC_QUEUE_PACKET_DISPATCH_DIM_INVALID) | \
++ KFD_EC_MASK(EC_QUEUE_PACKET_DISPATCH_GROUP_SEGMENT_SIZE_INVALID) | \
++ KFD_EC_MASK(EC_QUEUE_PACKET_DISPATCH_CODE_INVALID) | \
++ KFD_EC_MASK(EC_QUEUE_PACKET_RESERVED) | \
++ KFD_EC_MASK(EC_QUEUE_PACKET_UNSUPPORTED) | \
++ KFD_EC_MASK(EC_QUEUE_PACKET_DISPATCH_WORK_GROUP_SIZE_INVALID) | \
++ KFD_EC_MASK(EC_QUEUE_PACKET_DISPATCH_REGISTER_INVALID) | \
++ KFD_EC_MASK(EC_QUEUE_PACKET_VENDOR_UNSUPPORTED))
+
+ /* Checks for exception code types for KFD search */
++#define KFD_DBG_EC_IS_VALID(ecode) (ecode > EC_NONE && ecode < EC_MAX)
+ #define KFD_DBG_EC_TYPE_IS_QUEUE(ecode) \
+- (!!(KFD_EC_MASK(ecode) & KFD_EC_MASK_QUEUE))
++ (KFD_DBG_EC_IS_VALID(ecode) && !!(KFD_EC_MASK(ecode) & KFD_EC_MASK_QUEUE))
+ #define KFD_DBG_EC_TYPE_IS_DEVICE(ecode) \
+- (!!(KFD_EC_MASK(ecode) & KFD_EC_MASK_DEVICE))
++ (KFD_DBG_EC_IS_VALID(ecode) && !!(KFD_EC_MASK(ecode) & KFD_EC_MASK_DEVICE))
+ #define KFD_DBG_EC_TYPE_IS_PROCESS(ecode) \
+- (!!(KFD_EC_MASK(ecode) & KFD_EC_MASK_PROCESS))
++ (KFD_DBG_EC_IS_VALID(ecode) && !!(KFD_EC_MASK(ecode) & KFD_EC_MASK_PROCESS))
++#define KFD_DBG_EC_TYPE_IS_PACKET(ecode) \
++ (KFD_DBG_EC_IS_VALID(ecode) && !!(KFD_EC_MASK(ecode) & KFD_EC_MASK_PACKET))
+
+
+ /* Runtime enable states */
+--
+2.43.0
+
diff --git a/queue-6.6/drm-nouveau-dp-don-t-probe-edp-ports-twice-harder.patch b/queue-6.6/drm-nouveau-dp-don-t-probe-edp-ports-twice-harder.patch
new file mode 100644
index 00000000000..3a6887b89ee
--- /dev/null
+++ b/queue-6.6/drm-nouveau-dp-don-t-probe-edp-ports-twice-harder.patch
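Review bot: `#define KFD_DBG_EC_IS_VALID(ecode) (ecode > EC_NONE && ecode < EC_MAX)` in the uapi header uses its argument unparenthesized, and each KFD_DBG_EC_TYPE_IS_* macro now expands `ecode` three times. The in-kernel callers in this patch pass `KFD_DEBUG_CP_BAD_OP_ECODE(context_id0)` or `KFD_CTXID0_CP_BAD_OP_ECODE(context_id0)`, presumably side-effect free, but user space includes this header as well and may pass any expression. Parenthesize the argument: `#define KFD_DBG_EC_IS_VALID(ecode) ((ecode) > EC_NONE && (ecode) < EC_MAX)`. A comment above it saying that the range test keeps an out-of-range code away from KFD_EC_MASK() would record why every type check now goes through it.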
@@ -0,0 +1,57 @@
+From 66f17dc6a0edaceef85e0a209bcc2b5449621b14 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Thu, 4 Apr 2024 19:35:54 -0400
+Subject: drm/nouveau/dp: Don't probe eDP ports twice harder
+
+From: Lyude Paul
+
+[ Upstream commit bf52d7f9b2067f02efe7e32697479097aba4a055 ]
+
+I didn't pay close enough attention the last time I tried to fix this
+problem - while we currently do correctly take care to make sure we don't
+probe a connected eDP port more then once, we don't do the same thing for
+eDP ports we found to be disconnected.
+
+So, fix this and make sure we only ever probe eDP ports once and then leave
+them at that connector state forever (since without HPD, it's not going to
+change on its own anyway). This should get rid of the last few GSP errors
+getting spit out during runtime suspend and resume on some machines, as we
+tried to reprobe eDP ports in response to ACPI hotplug probe events.
+
+Signed-off-by: Lyude Paul
+Reviewed-by: Dave Airlie
+Link: https://patchwork.freedesktop.org/patch/msgid/20240404233736.7946-3-lyude@redhat.com
+(cherry picked from commit fe6660b661c3397af0867d5d098f5b26581f1290)
+Signed-off-by: Sasha Levin
+---
+ drivers/gpu/drm/nouveau/nouveau_dp.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/drivers/gpu/drm/nouveau/nouveau_dp.c b/drivers/gpu/drm/nouveau/nouveau_dp.c
+index 6a4980b2d4d4e..bf2ae67b03d94 100644
+--- a/drivers/gpu/drm/nouveau/nouveau_dp.c
++++ b/drivers/gpu/drm/nouveau/nouveau_dp.c
+@@ -108,12 +108,15 @@ nouveau_dp_detect(struct nouveau_connector *nv_connector,
+ u8 *dpcd = nv_encoder->dp.dpcd;
+ int ret = NOUVEAU_DP_NONE, hpd;
+
+- /* If we've already read the DPCD on an eDP device, we don't need to
+- * reread it as it won't change
++ /* eDP ports don't support hotplugging - so there's no point in probing eDP ports unless we
++ * haven't probed them once before.
+ */
+- if (connector->connector_type == DRM_MODE_CONNECTOR_eDP &&
+- dpcd[DP_DPCD_REV] != 0)
+- return NOUVEAU_DP_SST;
++ if (connector->connector_type == DRM_MODE_CONNECTOR_eDP) {
++ if (connector->status == connector_status_connected)
++ return NOUVEAU_DP_SST;
++ else if (connector->status == connector_status_disconnected)
++ return NOUVEAU_DP_NONE;
++ }
+
+ mutex_lock(&nv_encoder->dp.hpd_irq_lock);
+ if (mstm) {
+-- 
+2.43.0
+
diff --git a/queue-6.6/drm-radeon-silence-ubsan-warning-v3.patch b/queue-6.6/drm-radeon-silence-ubsan-warning-v3.patch
new file mode 100644
index 00000000000..7622fd47ce6
--- /dev/null
+++ b/queue-6.6/drm-radeon-silence-ubsan-warning-v3.patch
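Review bot: In nouveau_dp_detect() the new early return for `connector_status_disconnected` makes the result of the first eDP probe permanent, so a panel whose first probe failed for a transient reason would stay reported as absent; nothing in the hunk resets `connector->status`. If that is the intended trade-off, the comment should state it outright, for example `/* eDP has no HPD: the first probe result, connected or not, is final and is never retried. */`. The `else` after `return NOUVEAU_DP_SST;` is redundant and can be a plain `if`. The function body continues outside the hunk.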
@@ -0,0 +1,78 @@ +From f60d7109800f40e4c2ed186aff10d848f7993afa Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 8 Apr 2024 13:30:15 -0400 +Subject: drm/radeon: silence UBSAN warning (v3) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Alex Deucher + +[ Upstream commit 781d41fed19caf900c8405064676813dc9921d32 ] + +Convert a variable sized array from [1] to []. + +v2: fix up a few more. +v3: integrate comments from Kees. + +Reviewed-by: Kees Cook +Tested-by: Jeff Johnson (v2) +Acked-by: Christian König (v1) +Signed-off-by: Alex Deucher +Cc: keescook@chromium.org +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/radeon/pptable.h | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/drivers/gpu/drm/radeon/pptable.h b/drivers/gpu/drm/radeon/pptable.h +index 4c2eec49dadc9..844f0490bf31f 100644 +--- a/drivers/gpu/drm/radeon/pptable.h ++++ b/drivers/gpu/drm/radeon/pptable.h +@@ -424,7 +424,7 @@ typedef struct _ATOM_PPLIB_SUMO_CLOCK_INFO{ + typedef struct _ATOM_PPLIB_STATE_V2 + { + //number of valid dpm levels in this state; Driver uses it to calculate the whole +- //size of the state: sizeof(ATOM_PPLIB_STATE_V2) + (ucNumDPMLevels - 1) * sizeof(UCHAR) ++ //size of the state: struct_size(ATOM_PPLIB_STATE_V2, clockInfoIndex, ucNumDPMLevels) + UCHAR ucNumDPMLevels; + + //a index to the array of nonClockInfos +@@ -432,14 +432,14 @@ typedef struct _ATOM_PPLIB_STATE_V2 + /** + * Driver will read the first ucNumDPMLevels in this array + */ +- UCHAR clockInfoIndex[1]; ++ UCHAR clockInfoIndex[] __counted_by(ucNumDPMLevels); + } ATOM_PPLIB_STATE_V2; + + typedef struct _StateArray{ + //how many states we have + UCHAR ucNumEntries; + +- ATOM_PPLIB_STATE_V2 states[1]; ++ ATOM_PPLIB_STATE_V2 states[] __counted_by(ucNumEntries); + }StateArray; + + +@@ -450,7 +450,7 @@ typedef struct _ClockInfoArray{ + //sizeof(ATOM_PPLIB_CLOCK_INFO) + UCHAR ucEntrySize; + +- UCHAR clockInfo[1]; ++ UCHAR clockInfo[] 
__counted_by(ucNumEntries); + }ClockInfoArray; + + typedef struct _NonClockInfoArray{ +@@ -460,7 +460,7 @@ typedef struct _NonClockInfoArray{ + //sizeof(ATOM_PPLIB_NONCLOCK_INFO) + UCHAR ucEntrySize; + +- ATOM_PPLIB_NONCLOCK_INFO nonClockInfo[1]; ++ ATOM_PPLIB_NONCLOCK_INFO nonClockInfo[] __counted_by(ucNumEntries); + }NonClockInfoArray; + + typedef struct _ATOM_PPLIB_Clock_Voltage_Dependency_Record +-- +2.43.0 + diff --git a/queue-6.6/firewire-ohci-mask-bus-reset-interrupts-between-isr-.patch b/queue-6.6/firewire-ohci-mask-bus-reset-interrupts-between-isr-.patch new file mode 100644 index 00000000000..d0e4ac4b706 --- /dev/null +++ b/queue-6.6/firewire-ohci-mask-bus-reset-interrupts-between-isr-.patch 
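Review bot: `UCHAR clockInfo[] __counted_by(ucNumEntries)` in ClockInfoArray bounds a byte array by an entry count: the field just above it, `ucEntrySize`, is commented as `sizeof(ATOM_PPLIB_CLOCK_INFO)`, so the array presumably holds ucNumEntries * ucEntrySize bytes and a bounds-checking build could trap on valid accesses past the first ucNumEntries bytes. The same concern applies to `states[]` in StateArray, whose ATOM_PPLIB_STATE_V2 elements now end in a flexible array themselves and, per the comment in that struct, vary in size with ucNumDPMLevels. I would leave these two unannotated, `UCHAR clockInfo[];` and `ATOM_PPLIB_STATE_V2 states[];`. Any `sizeof` on these structs elsewhere in the driver also shrinks by one element with the `[1]` to `[]` change and should be audited; the struct definitions and their users start outside the hunks.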
@@ -0,0 +1,87 @@ +From 3338cf984ad0c0549e3273803465cfe814a4bedd Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 25 Mar 2024 07:38:41 +0900 +Subject: firewire: ohci: mask bus reset interrupts between ISR and bottom half + +From: Adam Goldman + +[ Upstream commit 752e3c53de0fa3b7d817a83050b6699b8e9c6ec9 ] + +In the FireWire OHCI interrupt handler, if a bus reset interrupt has +occurred, mask bus reset interrupts until bus_reset_work has serviced and +cleared the interrupt. + +Normally, we always leave bus reset interrupts masked. We infer the bus +reset from the self-ID interrupt that happens shortly thereafter. A +scenario where we unmask bus reset interrupts was introduced in 2008 in +a007bb857e0b26f5d8b73c2ff90782d9c0972620: If +OHCI_PARAM_DEBUG_BUSRESETS (8) is set in the debug parameter bitmask, we +will unmask bus reset interrupts so we can log them. + +irq_handler logs the bus reset interrupt. However, we can't clear the bus +reset event flag in irq_handler, because we won't service the event until +later. irq_handler exits with the event flag still set. If the +corresponding interrupt is still unmasked, the first bus reset will +usually freeze the system due to irq_handler being called again each +time it exits. This freeze can be reproduced by loading firewire_ohci +with "modprobe firewire_ohci debug=-1" (to enable all debugging output). +Apparently there are also some cases where bus_reset_work will get called +soon enough to clear the event, and operation will continue normally. + +This freeze was first reported a few months after a007bb85 was committed, +but until now it was never fixed. The debug level could safely be set +to -1 through sysfs after the module was loaded, but this would be +ineffectual in logging bus reset interrupts since they were only +unmasked during initialization. + +irq_handler will now leave the event flag set but mask bus reset +interrupts, so irq_handler won't be called again and there will be no +freeze. 
If OHCI_PARAM_DEBUG_BUSRESETS is enabled, bus_reset_work will +unmask the interrupt after servicing the event, so future interrupts +will be caught as desired. + +As a side effect to this change, OHCI_PARAM_DEBUG_BUSRESETS can now be +enabled through sysfs in addition to during initial module loading. +However, when enabled through sysfs, logging of bus reset interrupts will +be effective only starting with the second bus reset, after +bus_reset_work has executed. + +Signed-off-by: Adam Goldman +Signed-off-by: Takashi Sakamoto +Signed-off-by: Sasha Levin +--- + drivers/firewire/ohci.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/drivers/firewire/ohci.c b/drivers/firewire/ohci.c +index 7bc71f4be64a0..38d19410a2be6 100644 +--- a/drivers/firewire/ohci.c ++++ b/drivers/firewire/ohci.c +@@ -2060,6 +2060,8 @@ static void bus_reset_work(struct work_struct *work) + + ohci->generation = generation; + reg_write(ohci, OHCI1394_IntEventClear, OHCI1394_busReset); ++ if (param_debug & OHCI_PARAM_DEBUG_BUSRESETS) ++ reg_write(ohci, OHCI1394_IntMaskSet, OHCI1394_busReset); + + if (ohci->quirks & QUIRK_RESET_PACKET) + ohci->request_generation = generation; +@@ -2125,12 +2127,14 @@ static irqreturn_t irq_handler(int irq, void *data) + return IRQ_NONE; + + /* +- * busReset and postedWriteErr must not be cleared yet ++ * busReset and postedWriteErr events must not be cleared yet + * (OHCI 1.1 clauses 7.2.3.2 and 13.2.8.1) + */ + reg_write(ohci, OHCI1394_IntEventClear, + event & ~(OHCI1394_busReset | OHCI1394_postedWriteErr)); + log_irqs(ohci, event); ++ if (event & OHCI1394_busReset) ++ reg_write(ohci, OHCI1394_IntMaskClear, OHCI1394_busReset); + + if (event & OHCI1394_selfIDComplete) + queue_work(selfid_workqueue, &ohci->bus_reset_work); +-- +2.43.0 + diff --git a/queue-6.6/fs-9p-drop-inodes-immediately-on-non-.l-too.patch b/queue-6.6/fs-9p-drop-inodes-immediately-on-non-.l-too.patch new file mode 100644 index 00000000000..2ff5ed5cd37 --- /dev/null 
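Review bot: The two added register writes in irq_handler() and bus_reset_work() form a mask/unmask pair but neither carries a comment, and the one in irq_handler() is what prevents the repeated-interrupt freeze described in the commit message. I would add above it `/* busReset stays set until bus_reset_work() clears it; mask it so the IRQ is not raised again in a loop. */` and above the write in bus_reset_work() `/* Event cleared: unmask busReset again if logging was requested. */`. bus_reset_work() reads `param_debug` each time it runs, which is what gives the sysfs behaviour the message describes. Both functions continue outside their hunks.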
+++ b/queue-6.6/fs-9p-drop-inodes-immediately-on-non-.l-too.patch
@@ -0,0 +1,31 @@
+From 0a1fad965cc077d35fc16f4ddc32b330cea79542 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 18 Mar 2024 12:22:32 +0100
+Subject: fs/9p: drop inodes immediately on non-.L too
+
+From: Joakim Sindholt
+
+[ Upstream commit 7fd524b9bd1be210fe79035800f4bd78a41b349f ]
+
+Signed-off-by: Joakim Sindholt
+Signed-off-by: Eric Van Hensbergen
+Signed-off-by: Sasha Levin
+---
+ fs/9p/vfs_super.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/fs/9p/vfs_super.c b/fs/9p/vfs_super.c
+index 73db55c050bf1..958efc8423334 100644
+--- a/fs/9p/vfs_super.c
++++ b/fs/9p/vfs_super.c
+@@ -320,6 +320,7 @@ static const struct super_operations v9fs_super_ops = {
+ .alloc_inode = v9fs_alloc_inode,
+ .free_inode = v9fs_free_inode,
+ .statfs = simple_statfs,
++ .drop_inode = v9fs_drop_inode,
+ .evict_inode = v9fs_evict_inode,
+ .show_options = v9fs_show_options,
+ .umount_begin = v9fs_umount_begin,
+-- 
+2.43.0
+
diff --git a/queue-6.6/fs-9p-fix-the-cache-always-being-enabled-on-files-wi.patch b/queue-6.6/fs-9p-fix-the-cache-always-being-enabled-on-files-wi.patch
new file mode 100644
index 00000000000..c11c50ccec4
--- /dev/null
+++ b/queue-6.6/fs-9p-fix-the-cache-always-being-enabled-on-files-wi.patch
@@ -0,0 +1,45 @@
+From 6e4a927769a8446d6da99ceccef1f836bc6818cf Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 18 Mar 2024 12:22:34 +0100
+Subject: fs/9p: fix the cache always being enabled on files with qid flags
+
+From: Joakim Sindholt
+
+[ Upstream commit 4e5d208cc9bd5fbc95d536fa223b4b14c37b8ca8 ]
+
+I'm not sure why this check was ever here. After updating to 6.6 I
+suddenly found caching had been turned on by default and neither
+cache=none nor the new directio would turn it off. After walking through
+the new code very manually I realized that it's because the caching has
+to be, in effect, turned off explicitly by setting P9L_DIRECT and
+whenever a file has a flag, in my case QTAPPEND, it doesn't get set.
+
+Setting aside QTDIR which seems to ignore the new fid->mode entirely,
+the rest of these either should be subject to the same cache rules as
+every other QTFILE or perhaps very explicitly not cached in the case of
+QTAUTH.
+
+Signed-off-by: Joakim Sindholt
+Signed-off-by: Eric Van Hensbergen
+Signed-off-by: Sasha Levin
+---
+ fs/9p/fid.h | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/fs/9p/fid.h b/fs/9p/fid.h
+index 29281b7c38870..0d6138bee2a3d 100644
+--- a/fs/9p/fid.h
++++ b/fs/9p/fid.h
+@@ -49,9 +49,6 @@ static inline struct p9_fid *v9fs_fid_clone(struct dentry *dentry)
+ static inline void v9fs_fid_add_modes(struct p9_fid *fid, unsigned int s_flags,
+ unsigned int s_cache, unsigned int f_flags)
+ {
+- if (fid->qid.type != P9_QTFILE)
+- return;
+-
+ if ((!s_cache) ||
+ ((fid->qid.version == 0) && !(s_flags & V9FS_IGNORE_QV)) ||
+ (s_flags & V9FS_DIRECT_IO) || (f_flags & O_DIRECT)) {
+-- 
+2.43.0
+
diff --git a/queue-6.6/fs-9p-only-translate-rwx-permissions-for-plain-9p200.patch b/queue-6.6/fs-9p-only-translate-rwx-permissions-for-plain-9p200.patch
new file mode 100644
index 00000000000..4a6d7ba735a
--- /dev/null
+++ b/queue-6.6/fs-9p-only-translate-rwx-permissions-for-plain-9p200.patch
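Review bot: With the `fid->qid.type != P9_QTFILE` early return removed, v9fs_fid_add_modes() applies one caching decision to every qid type, while the commit message itself says authentication fids (QTAUTH) should perhaps never be cached; the new code leaves that question open and undocumented. A comment at the top of the function would record it, for example `/* Applies to all qid types; QTAUTH may need to be forced uncached - TODO confirm. */`. The body of the `if` that follows is outside the hunk, so what it sets for those fids cannot be checked from here.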
@@ -0,0 +1,37 @@
+From a85c7819dcbfef947c9ee8f17a3509cf07d2c920 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 18 Mar 2024 12:22:31 +0100
+Subject: fs/9p: only translate RWX permissions for plain 9P2000
+
+From: Joakim Sindholt
+
+[ Upstream commit cd25e15e57e68a6b18dc9323047fe9c68b99290b ]
+
+Garbage in plain 9P2000's perm bits is allowed through, which causes it
+to be able to set (among others) the suid bit. This was presumably not
+the intent since the unix extended bits are handled explicitly and
+conditionally on .u.
+
+Signed-off-by: Joakim Sindholt
+Signed-off-by: Eric Van Hensbergen
+Signed-off-by: Sasha Levin
+---
+ fs/9p/vfs_inode.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c
+index ea695c4a7a3fb..3bdf6df4b553e 100644
+--- a/fs/9p/vfs_inode.c
++++ b/fs/9p/vfs_inode.c
+@@ -83,7 +83,7 @@ static int p9mode2perm(struct v9fs_session_info *v9ses,
+ int res;
+ int mode = stat->mode;
+
+- res = mode & S_IALLUGO;
++ res = mode & 0777; /* S_IRWXUGO */
+ if (v9fs_proto_dotu(v9ses)) {
+ if ((mode & P9_DMSETUID) == P9_DMSETUID)
+ res |= S_ISUID;
+-- 
+2.43.0
+
diff --git a/queue-6.6/fs-9p-translate-o_trunc-into-otrunc.patch b/queue-6.6/fs-9p-translate-o_trunc-into-otrunc.patch
new file mode 100644
index 00000000000..06c11c732ab
--- /dev/null
+++ b/queue-6.6/fs-9p-translate-o_trunc-into-otrunc.patch
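Review bot: In p9mode2perm() the mask is now the literal `0777` with the macro name only in a trailing comment, and nothing at the site says why the setuid, setgid and sticky bits are dropped. The value comes from `stat->mode`, presumably the server's stat reply, so the reason belongs next to the mask: `/* Plain 9P2000 has no Unix mode bits above rwx; never take suid/sgid/sticky from the raw value. */` followed by `res = mode & S_IRWXUGO;`. The special bits are then added back only inside the `v9fs_proto_dotu()` branch, of which the hunk shows just the setuid case; the rest of the function is outside the hunk.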
@@ -0,0 +1,36 @@
+From c64173ce541025ce1797dc2d61ad32bb7fe4d800 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 18 Mar 2024 12:22:33 +0100
+Subject: fs/9p: translate O_TRUNC into OTRUNC
+
+From: Joakim Sindholt
+
+[ Upstream commit 87de39e70503e04ddb58965520b15eb9efa7eef3 ]
+
+This one hits both 9P2000 and .u as it appears v9fs has never translated
+the O_TRUNC flag.
+
+Signed-off-by: Joakim Sindholt
+Signed-off-by: Eric Van Hensbergen
+Signed-off-by: Sasha Levin
+---
+ fs/9p/vfs_inode.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c
+index 3bdf6df4b553e..853c63b836815 100644
+--- a/fs/9p/vfs_inode.c
++++ b/fs/9p/vfs_inode.c
+@@ -178,6 +178,9 @@ int v9fs_uflags2omode(int uflags, int extended)
+ break;
+ }
+
++ if (uflags & O_TRUNC)
++ ret |= P9_OTRUNC;
++
+ if (extended) {
+ if (uflags & O_EXCL)
+ ret |= P9_OEXCL;
+-- 
+2.43.0
+
diff --git a/queue-6.6/gfs2-fix-invalid-metadata-access-in-punch_hole.patch b/queue-6.6/gfs2-fix-invalid-metadata-access-in-punch_hole.patch
new file mode 100644
index 00000000000..389b1799894
--- /dev/null
+++ b/queue-6.6/gfs2-fix-invalid-metadata-access-in-punch_hole.patch
@@ -0,0 +1,47 @@
+From 0a4cbfecd444aa3a4220aab2efb19d09fb6501b8 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 11 Mar 2024 16:40:36 +0100
+Subject: gfs2: Fix invalid metadata access in punch_hole
+
+From: Andrew Price
+
+[ Upstream commit c95346ac918c5badf51b9a7ac58a26d3bd5bb224 ]
+
+In punch_hole(), when the offset lies in the final block for a given
+height, there is no hole to punch, but the maximum size check fails to
+detect that. Consequently, punch_hole() will try to punch a hole beyond
+the end of the metadata and fail. Fix the maximum size check.
+
+Signed-off-by: Andrew Price
+Signed-off-by: Andreas Gruenbacher
+Signed-off-by: Sasha Levin
+---
+ fs/gfs2/bmap.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/fs/gfs2/bmap.c b/fs/gfs2/bmap.c
+index ef7017fb69512..2b578615607e4 100644
+--- a/fs/gfs2/bmap.c
++++ b/fs/gfs2/bmap.c
+@@ -1715,7 +1715,8 @@ static int punch_hole(struct gfs2_inode *ip, u64 offset, u64 length)
+ struct buffer_head *dibh, *bh;
+ struct gfs2_holder rd_gh;
+ unsigned int bsize_shift = sdp->sd_sb.sb_bsize_shift;
+- u64 lblock = (offset + (1 << bsize_shift) - 1) >> bsize_shift;
++ unsigned int bsize = 1 << bsize_shift;
++ u64 lblock = (offset + bsize - 1) >> bsize_shift;
+ __u16 start_list[GFS2_MAX_META_HEIGHT];
+ __u16 __end_list[GFS2_MAX_META_HEIGHT], *end_list = NULL;
+ unsigned int start_aligned, end_aligned;
+@@ -1726,7 +1727,7 @@ static int punch_hole(struct gfs2_inode *ip, u64 offset, u64 length)
+ u64 prev_bnr = 0;
+ __be64 *start, *end;
+
+- if (offset >= maxsize) {
++ if (offset + bsize - 1 >= maxsize) {
+ /*
+ * The starting point lies beyond the allocated metadata;
+ * there are no blocks to deallocate.
+-- 
+2.43.0
+
diff --git a/queue-6.6/gpio-crystalcove-use-enotsupp-consistently.patch b/queue-6.6/gpio-crystalcove-use-enotsupp-consistently.patch
new file mode 100644
index 00000000000..4a0c9291bfe
--- /dev/null
+++ b/queue-6.6/gpio-crystalcove-use-enotsupp-consistently.patch
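Review bot: The comment under the changed test in punch_hole() still reads "The starting point lies beyond the allocated metadata", but `offset + bsize - 1 >= maxsize` now also returns early when offset falls inside the last block. I would reword it to `/* The first block boundary at or after offset lies beyond the allocated metadata; there are no blocks to deallocate. */`. Separately, `offset + bsize - 1` is a u64 addition that would wrap for an offset within one block of the type's maximum; if callers do not already bound offset (not visible here), `if (offset >= maxsize || maxsize - offset < bsize)` expresses the same test without the addition. The function continues outside both hunks.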
@@ -0,0 +1,35 @@
+From b35001fbae5084cb5e5c876ce4cf5258bbb578e4 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 5 Apr 2024 19:26:22 +0300
+Subject: gpio: crystalcove: Use -ENOTSUPP consistently
+
+From: Andy Shevchenko
+
+[ Upstream commit ace0ebe5c98d66889f19e0f30e2518d0c58d0e04 ]
+
+The GPIO library expects the drivers to return -ENOTSUPP in some
+cases and not using analogue POSIX code. Make the driver to follow
+this.
+
+Signed-off-by: Andy Shevchenko
+Signed-off-by: Sasha Levin
+---
+ drivers/gpio/gpio-crystalcove.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/gpio/gpio-crystalcove.c b/drivers/gpio/gpio-crystalcove.c
+index 1ee62cd58582b..25db014494a4d 100644
+--- a/drivers/gpio/gpio-crystalcove.c
++++ b/drivers/gpio/gpio-crystalcove.c
+@@ -92,7 +92,7 @@ static inline int to_reg(int gpio, enum ctrl_register reg_type)
+ case 0x5e:
+ return GPIOPANELCTL;
+ default:
+- return -EOPNOTSUPP;
++ return -ENOTSUPP;
+ }
+ }
+
+-- 
+2.43.0
+
diff --git a/queue-6.6/gpio-lpc32xx-fix-module-autoloading.patch b/queue-6.6/gpio-lpc32xx-fix-module-autoloading.patch
new file mode 100644
index 00000000000..b206f0be8fa
--- /dev/null
+++ b/queue-6.6/gpio-lpc32xx-fix-module-autoloading.patch
@@ -0,0 +1,34 @@
+From 6eec821e5cc6ae2afaf3b0bccf3cb0c561593190 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 10 Apr 2024 19:03:05 +0200
+Subject: gpio: lpc32xx: fix module autoloading
+
+From: Krzysztof Kozlowski
+
+[ Upstream commit 11baa36d317321f5d54059f07d243c5a1dbbfbb2 ]
+
+Add MODULE_DEVICE_TABLE(), so the module could be properly autoloaded
+based on the alias from of_device_id table.
+
+Signed-off-by: Krzysztof Kozlowski
+Signed-off-by: Bartosz Golaszewski
+Signed-off-by: Sasha Levin
+---
+ drivers/gpio/gpio-lpc32xx.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/gpio/gpio-lpc32xx.c b/drivers/gpio/gpio-lpc32xx.c
+index 5ef8af8249806..c097e310c9e84 100644
+--- a/drivers/gpio/gpio-lpc32xx.c
++++ b/drivers/gpio/gpio-lpc32xx.c
+@@ -529,6 +529,7 @@ static const struct of_device_id lpc32xx_gpio_of_match[] = {
+ { .compatible = "nxp,lpc3220-gpio", },
+ { },
+ };
++MODULE_DEVICE_TABLE(of, lpc32xx_gpio_of_match);
+
+ static struct platform_driver lpc32xx_gpio_driver = {
+ .driver = {
+-- 
+2.43.0
+
diff --git a/queue-6.6/gpio-wcove-use-enotsupp-consistently.patch b/queue-6.6/gpio-wcove-use-enotsupp-consistently.patch
new file mode 100644
index 00000000000..79b9c084f5e
--- /dev/null
+++ b/queue-6.6/gpio-wcove-use-enotsupp-consistently.patch
@@ -0,0 +1,36 @@
+From 180a9a2bfc03f01478790d6958e670c93ba8a23e Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 5 Apr 2024 19:25:21 +0300
+Subject: gpio: wcove: Use -ENOTSUPP consistently
+
+From: Andy Shevchenko
+
+[ Upstream commit 0c3b532ad3fbf82884a2e7e83e37c7dcdd4d1d99 ]
+
+The GPIO library expects the drivers to return -ENOTSUPP in some
+cases and not using analogue POSIX code. Make the driver to follow
+this.
+
+Reviewed-by: Kuppuswamy Sathyanarayanan
+Signed-off-by: Andy Shevchenko
+Signed-off-by: Sasha Levin
+---
+ drivers/gpio/gpio-wcove.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/gpio/gpio-wcove.c b/drivers/gpio/gpio-wcove.c
+index c18b6b47384f1..94ca9d03c0949 100644
+--- a/drivers/gpio/gpio-wcove.c
++++ b/drivers/gpio/gpio-wcove.c
+@@ -104,7 +104,7 @@ static inline int to_reg(int gpio, enum ctrl_register type)
+ unsigned int reg = type == CTRL_IN ? GPIO_IN_CTRL_BASE : GPIO_OUT_CTRL_BASE;
+
+ if (gpio >= WCOVE_GPIO_NUM)
+- return -EOPNOTSUPP;
++ return -ENOTSUPP;
+
+ return reg + gpio;
+ }
+-- 
+2.43.0
+
diff --git a/queue-6.6/gpu-host1x-do-not-setup-dma-for-virtual-devices.patch b/queue-6.6/gpu-host1x-do-not-setup-dma-for-virtual-devices.patch
new file mode 100644
index 00000000000..7fef0d34602
--- /dev/null
+++ b/queue-6.6/gpu-host1x-do-not-setup-dma-for-virtual-devices.patch
@@ -0,0 +1,61 @@
+From 576c69e668b2a3ddb93a93856eacfbd20c0cc573 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Thu, 14 Mar 2024 16:49:43 +0100
+Subject: gpu: host1x: Do not setup DMA for virtual devices
+
+From: Thierry Reding
+
+[ Upstream commit 8ab58f6841b19423231c5db3378691ec80c778f8 ]
+
+The host1x devices are virtual compound devices and do not perform DMA
+accesses themselves, so they do not need to be set up for DMA.
+
+Ideally we would also not need to set up DMA masks for the virtual
+devices, but we currently still need those for legacy support on old
+hardware.
+
+Tested-by: Jon Hunter
+Acked-by: Jon Hunter
+Signed-off-by: Thierry Reding
+Link: https://patchwork.freedesktop.org/patch/msgid/20240314154943.2487549-1-thierry.reding@gmail.com
+Signed-off-by: Sasha Levin
+---
+ drivers/gpu/host1x/bus.c | 8 --------
+ 1 file changed, 8 deletions(-)
+
+diff --git a/drivers/gpu/host1x/bus.c b/drivers/gpu/host1x/bus.c
+index 84d042796d2e6..3937889fa912d 100644
+--- a/drivers/gpu/host1x/bus.c
++++ b/drivers/gpu/host1x/bus.c
+@@ -351,11 +351,6 @@ static int host1x_device_uevent(const struct device *dev,
+ return 0;
+ }
+
+-static int host1x_dma_configure(struct device *dev)
+-{
+- return of_dma_configure(dev, dev->of_node, true);
+-}
+-
+ static const struct dev_pm_ops host1x_device_pm_ops = {
+ .suspend = pm_generic_suspend,
+ .resume = pm_generic_resume,
+@@ -369,7 +364,6 @@ struct bus_type host1x_bus_type = {
+ .name = "host1x",
+ .match = host1x_device_match,
+ .uevent = host1x_device_uevent,
+- .dma_configure = host1x_dma_configure,
+ .pm = &host1x_device_pm_ops,
+ };
+
+@@ -458,8 +452,6 @@ static int host1x_device_add(struct host1x *host1x,
+ device->dev.bus = &host1x_bus_type;
+ device->dev.parent = host1x->dev;
+
+- of_dma_configure(&device->dev, host1x->dev->of_node, true);
+-
+ device->dev.dma_parms = &device->dma_parms;
+ dma_set_max_seg_size(&device->dev, UINT_MAX);
+
+-- 
+2.43.0
+
diff --git a/queue-6.6/hv_netvsc-don-t-free-decrypted-memory.patch b/queue-6.6/hv_netvsc-don-t-free-decrypted-memory.patch
new file mode 100644
index 00000000000..89af9ad1984
--- /dev/null
+++ b/queue-6.6/hv_netvsc-don-t-free-decrypted-memory.patch
@@ -0,0 +1,53 @@
+From 79f35e44630d2ba62fe81d1e75385c4db0111192 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 11 Mar 2024 09:15:56 -0700
+Subject: hv_netvsc: Don't free decrypted memory
+
+From: Rick Edgecombe
+
+[ Upstream commit bbf9ac34677b57506a13682b31a2a718934c0e31 ]
+
+In CoCo VMs it is possible for the untrusted host to cause
+set_memory_encrypted() or set_memory_decrypted() to fail such that an
+error is returned and the resulting memory is shared. Callers need to
+take care to handle these errors to avoid returning decrypted (shared)
+memory to the page allocator, which could lead to functional or security
+issues.
+
+The netvsc driver could free decrypted/shared pages if
+set_memory_decrypted() fails. Check the decrypted field in the gpadl
+to decide whether to free the memory.
+
+Signed-off-by: Rick Edgecombe
+Signed-off-by: Michael Kelley
+Reviewed-by: Kuppuswamy Sathyanarayanan
+Acked-by: Kirill A. Shutemov
+Link: https://lore.kernel.org/r/20240311161558.1310-4-mhklinux@outlook.com
+Signed-off-by: Wei Liu
+Message-ID: <20240311161558.1310-4-mhklinux@outlook.com>
+Signed-off-by: Sasha Levin
+---
+ drivers/net/hyperv/netvsc.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/hyperv/netvsc.c b/drivers/net/hyperv/netvsc.c
+index 4f9658a741024..b2f27e505f76c 100644
+--- a/drivers/net/hyperv/netvsc.c
++++ b/drivers/net/hyperv/netvsc.c
+@@ -154,8 +154,11 @@ static void free_netvsc_device(struct rcu_head *head)
+ int i;
+
+ kfree(nvdev->extension);
+- vfree(nvdev->recv_buf);
+- vfree(nvdev->send_buf);
++
++ if (!nvdev->recv_buf_gpadl_handle.decrypted)
++ vfree(nvdev->recv_buf);
++ if (!nvdev->send_buf_gpadl_handle.decrypted)
++ vfree(nvdev->send_buf);
+ bitmap_free(nvdev->send_section_map);
+
+ for (i = 0; i < VRSS_CHANNEL_MAX; i++) {
+-- 
+2.43.0
+
diff --git a/queue-6.6/iommu-mtk-fix-module-autoloading.patch b/queue-6.6/iommu-mtk-fix-module-autoloading.patch
new file mode 100644
index 00000000000..5af69db72aa
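Review bot: In free_netvsc_device() the two new `if (!...decrypted)` guards leak recv_buf and send_buf on purpose, but the code gives no hint of that, and a later cleanup could "fix" the leak and hand host-shared pages back to the allocator. A comment above the guards would pin the intent: `/* Buffers still shared with the host are leaked deliberately; freeing them would return decrypted pages to the allocator. */`. The function body continues outside the hunk, and where the `decrypted` field is set is not visible here.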
--- /dev/null
+++ b/queue-6.6/iommu-mtk-fix-module-autoloading.patch
@@ -0,0 +1,48 @@
+From a50d269d21ee66a119e8d7c293fd42ee55ddfebe Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 10 Apr 2024 18:41:09 +0200
+Subject: iommu: mtk: fix module autoloading
+
+From: Krzysztof Kozlowski
+
+[ Upstream commit 7537e31df80cb58c27f3b6fef702534ea87a5957 ]
+
+Add MODULE_DEVICE_TABLE(), so modules could be properly autoloaded
+based on the alias from of_device_id table.
+
+Signed-off-by: Krzysztof Kozlowski
+Link: https://lore.kernel.org/r/20240410164109.233308-1-krzk@kernel.org
+Signed-off-by: Joerg Roedel
+Signed-off-by: Sasha Levin
+---
+ drivers/iommu/mtk_iommu.c | 1 +
+ drivers/iommu/mtk_iommu_v1.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/drivers/iommu/mtk_iommu.c b/drivers/iommu/mtk_iommu.c
+index fab6c347ce578..de698463e94ad 100644
+--- a/drivers/iommu/mtk_iommu.c
++++ b/drivers/iommu/mtk_iommu.c
+@@ -1773,6 +1773,7 @@ static const struct of_device_id mtk_iommu_of_ids[] = {
+ { .compatible = "mediatek,mt8365-m4u", .data = &mt8365_data},
+ {}
+ };
++MODULE_DEVICE_TABLE(of, mtk_iommu_of_ids);
+
+ static struct platform_driver mtk_iommu_driver = {
+ .probe = mtk_iommu_probe,
+diff --git a/drivers/iommu/mtk_iommu_v1.c b/drivers/iommu/mtk_iommu_v1.c
+index 8a0a5e5d049f4..f1754efcfe74e 100644
+--- a/drivers/iommu/mtk_iommu_v1.c
++++ b/drivers/iommu/mtk_iommu_v1.c
+@@ -600,6 +600,7 @@ static const struct of_device_id mtk_iommu_v1_of_ids[] = {
+ { .compatible = "mediatek,mt2701-m4u", },
+ {}
+ };
++MODULE_DEVICE_TABLE(of, mtk_iommu_v1_of_ids);
+
+ static const struct component_master_ops mtk_iommu_v1_com_ops = {
+ .bind = mtk_iommu_v1_bind,
+-- 
+2.43.0
+
diff --git a/queue-6.6/kbuild-disable-kcsan-for-autogenerated-.mod.c-interm.patch b/queue-6.6/kbuild-disable-kcsan-for-autogenerated-.mod.c-interm.patch
new file mode 100644
index 00000000000..0fcc899cf64
--- /dev/null
+++ b/queue-6.6/kbuild-disable-kcsan-for-autogenerated-.mod.c-interm.patch
@@ -0,0 +1,100 @@ +From a75792f1b78f5c2dfe6dcc6c86915afc918445c0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 26 Mar 2024 21:25:48 +0100 +Subject: kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries + +From: Borislav Petkov (AMD) + +[ Upstream commit 54babdc0343fff2f32dfaafaaa9e42c4db278204 ] + +When KCSAN and CONSTRUCTORS are enabled, one can trigger the + + "Unpatched return thunk in use. This should not happen!" + +catch-all warning. + +Usually, when objtool runs on the .o objects, it does generate a section +.return_sites which contains all offsets in the objects to the return +thunks of the functions present there. Those return thunks then get +patched at runtime by the alternatives. + +KCSAN and CONSTRUCTORS add this to the object file's .text.startup +section: + + ------------------- + Disassembly of section .text.startup: + + ... + + 0000000000000010 <_sub_I_00099_0>: + 10: f3 0f 1e fa endbr64 + 14: e8 00 00 00 00 call 19 <_sub_I_00099_0+0x9> + 15: R_X86_64_PLT32 __tsan_init-0x4 + 19: e9 00 00 00 00 jmp 1e <__UNIQUE_ID___addressable_cryptd_alloc_aead349+0x6> + 1a: R_X86_64_PLT32 __x86_return_thunk-0x4 + ------------------- + +which, if it is built as a module goes through the intermediary stage of +creating a .mod.c file which, when translated, receives a second +constructor: + + ------------------- + Disassembly of section .text.startup: + + 0000000000000010 <_sub_I_00099_0>: + 10: f3 0f 1e fa endbr64 + 14: e8 00 00 00 00 call 19 <_sub_I_00099_0+0x9> + 15: R_X86_64_PLT32 __tsan_init-0x4 + 19: e9 00 00 00 00 jmp 1e <_sub_I_00099_0+0xe> + 1a: R_X86_64_PLT32 __x86_return_thunk-0x4 + + ... + + 0000000000000030 <_sub_I_00099_0>: + 30: f3 0f 1e fa endbr64 + 34: e8 00 00 00 00 call 39 <_sub_I_00099_0+0x9> + 35: R_X86_64_PLT32 __tsan_init-0x4 + 39: e9 00 00 00 00 jmp 3e <__ksymtab_cryptd_alloc_ahash+0x2> + 3a: R_X86_64_PLT32 __x86_return_thunk-0x4 + ------------------- + +in the .ko file. 
+ +Objtool has run already so that second constructor's return thunk cannot +be added to the .return_sites section and thus the return thunk remains +unpatched and the warning rightfully fires. + +Drop KCSAN flags from the mod.c generation stage as those constructors +do not contain data races one would be interested about. + +Debugged together with David Kaplan and Nikolay +Borisov . + +Reported-by: Paul Menzel +Closes: https://lore.kernel.org/r/0851a207-7143-417e-be31-8bf2b3afb57d@molgen.mpg.de +Signed-off-by: Borislav Petkov (AMD) +Tested-by: Paul Menzel # Dell XPS 13 +Reviewed-by: Nikolay Borisov +Reviewed-by: Marco Elver +Signed-off-by: Masahiro Yamada +Signed-off-by: Sasha Levin +--- + scripts/Makefile.modfinal | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/scripts/Makefile.modfinal b/scripts/Makefile.modfinal +index b3a6aa8fbe8cb..1979913aff682 100644 +--- a/scripts/Makefile.modfinal ++++ b/scripts/Makefile.modfinal +@@ -23,7 +23,7 @@ modname = $(notdir $(@:.mod.o=)) + part-of-module = y + + quiet_cmd_cc_o_c = CC [M] $@ +- cmd_cc_o_c = $(CC) $(filter-out $(CC_FLAGS_CFI) $(CFLAGS_GCOV), $(c_flags)) -c -o $@ $< ++ cmd_cc_o_c = $(CC) $(filter-out $(CC_FLAGS_CFI) $(CFLAGS_GCOV) $(CFLAGS_KCSAN), $(c_flags)) -c -o $@ $< + + %.mod.o: %.mod.c FORCE + $(call if_changed_dep,cc_o_c) +-- +2.43.0 + diff --git a/queue-6.6/memblock-tests-fix-undefined-reference-to-bit.patch b/queue-6.6/memblock-tests-fix-undefined-reference-to-bit.patch new file mode 100644 index 00000000000..aaef35e02cf --- /dev/null +++ b/queue-6.6/memblock-tests-fix-undefined-reference-to-bit.patch 
@@ -0,0 +1,41 @@
+From fa0fbce32cba9de12f9548f7cdb351b089534ee2 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 2 Apr 2024 13:27:01 +0000
+Subject: memblock tests: fix undefined reference to `BIT'
+
+From: Wei Yang
+
+[ Upstream commit 592447f6cb3c20d606d6c5d8e6af68e99707b786 ]
+
+commit 772dd0342727 ("mm: enumerate all gfp flags") define gfp flags
+with the help of BIT, while gfp_types.h doesn't include header file for
+the definition. This through an error on building memblock tests.
+
+Let's include linux/bits.h to fix it.
+
+Signed-off-by: Wei Yang
+CC: Suren Baghdasaryan
+CC: Michal Hocko
+Link: https://lore.kernel.org/r/20240402132701.29744-4-richard.weiyang@gmail.com
+Signed-off-by: Mike Rapoport (IBM)
+Signed-off-by: Sasha Levin
+---
+ include/linux/gfp_types.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/include/linux/gfp_types.h b/include/linux/gfp_types.h
+index 6583a58670c57..dfde1e1e321c3 100644
+--- a/include/linux/gfp_types.h
++++ b/include/linux/gfp_types.h
+@@ -2,6 +2,8 @@
+ #ifndef __LINUX_GFP_TYPES_H
+ #define __LINUX_GFP_TYPES_H
+
++#include
++
+ /* The typedef is in types.h but we want the documentation here */
+ #if 0
+ /**
+-- 
+2.43.0
+
diff --git a/queue-6.6/memblock-tests-fix-undefined-reference-to-early_pfn_.patch b/queue-6.6/memblock-tests-fix-undefined-reference-to-early_pfn_.patch
new file mode 100644
index 00000000000..051980f1f37
--- /dev/null
+++ b/queue-6.6/memblock-tests-fix-undefined-reference-to-early_pfn_.patch
@@ -0,0 +1,43 @@
+From 59313750a480b130ec7f81e4e78306573b3e5bee Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 2 Apr 2024 13:26:59 +0000
+Subject: memblock tests: fix undefined reference to `early_pfn_to_nid'
+
+From: Wei Yang
+
+[ Upstream commit 7d8ed162e6a92268d4b2b84d364a931216102c8e ]
+
+commit 6a9531c3a880 ("memblock: fix crash when reserved memory is not
+added to memory") introduce the usage of early_pfn_to_nid, which is not
+defined in memblock tests.
+
+The original definition of early_pfn_to_nid is defined in mm.h, so let
+add this in the corresponding mm.h.
+
+Signed-off-by: Wei Yang
+CC: Yajun Deng
+CC: Mike Rapoport
+Link: https://lore.kernel.org/r/20240402132701.29744-2-richard.weiyang@gmail.com
+Signed-off-by: Mike Rapoport (IBM)
+Signed-off-by: Sasha Levin
+---
+ tools/include/linux/mm.h | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/tools/include/linux/mm.h b/tools/include/linux/mm.h
+index f3c82ab5b14cd..7d73da0980473 100644
+--- a/tools/include/linux/mm.h
++++ b/tools/include/linux/mm.h
+@@ -37,4 +37,9 @@ static inline void totalram_pages_add(long count)
+ {
+ }
+
++static inline int early_pfn_to_nid(unsigned long pfn)
++{
++ return 0;
++}
++
+ #endif
+--
+2.43.0
+
diff --git a/queue-6.6/memblock-tests-fix-undefined-reference-to-panic.patch b/queue-6.6/memblock-tests-fix-undefined-reference-to-panic.patch
new file mode 100644
index 00000000000..a534ebf850a
--- /dev/null
+++ b/queue-6.6/memblock-tests-fix-undefined-reference-to-panic.patch
@@ -0,0 +1,67 @@
+From d464dd3c527d1a3ca78d04a56d9298b716ff760d Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 2 Apr 2024 13:27:00 +0000
+Subject: memblock tests: fix undefined reference to `panic'
+
+From: Wei Yang
+
+[ Upstream commit e0f5a8e74be88f2476e58b25d3b49a9521bdc4ec ]
+
+commit e96c6b8f212a ("memblock: report failures when memblock_can_resize
+is not set") introduced the usage of panic, which is not defined in
+memblock test.
+
+Let's define it directly in panic.h to fix it.
+
+Signed-off-by: Wei Yang
+CC: Song Shuai
+CC: Mike Rapoport
+Link: https://lore.kernel.org/r/20240402132701.29744-3-richard.weiyang@gmail.com
+Signed-off-by: Mike Rapoport (IBM)
+Signed-off-by: Sasha Levin
+---
+ tools/include/linux/kernel.h | 1 +
+ tools/include/linux/panic.h | 19 +++++++++++++++++++
+ 2 files changed, 20 insertions(+)
+ create mode 100644 tools/include/linux/panic.h
+
+diff --git a/tools/include/linux/kernel.h b/tools/include/linux/kernel.h
+index 4b0673bf52c2e..07cfad817d539 100644
+--- a/tools/include/linux/kernel.h
++++ b/tools/include/linux/kernel.h
+@@ -8,6 +8,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+
+diff --git a/tools/include/linux/panic.h b/tools/include/linux/panic.h
+new file mode 100644
+index 0000000000000..9c8f17a41ce8e
+--- /dev/null
++++ b/tools/include/linux/panic.h
+@@ -0,0 +1,19 @@
++/* SPDX-License-Identifier: GPL-2.0 */
++#ifndef _TOOLS_LINUX_PANIC_H
++#define _TOOLS_LINUX_PANIC_H
++
++#include
++#include
++#include
++
++static inline void panic(const char *fmt, ...)
++{
++ va_list argp;
++
++ va_start(argp, fmt);
++ vfprintf(stderr, fmt, argp);
++ va_end(argp);
++ exit(-1);
++}
++
++#endif
+--
+2.43.0
+
diff --git a/queue-6.6/mips-scall-save-thread_info.syscall-unconditionally-.patch b/queue-6.6/mips-scall-save-thread_info.syscall-unconditionally-.patch
new file mode 100644
index 00000000000..a09ab92d597
--- /dev/null
+++ b/queue-6.6/mips-scall-save-thread_info.syscall-unconditionally-.patch
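Review bot: The new `panic()` stub in tools/include/linux/panic.h carries neither a printf-format nor a noreturn attribute, so the compiler cannot check callers' arguments against `fmt` and does not know that control never comes back. I would declare it as `static inline __attribute__((noreturn, format(printf, 1, 2))) void panic(const char *fmt, ...)`. Separately, `exit(-1)` reaches the parent as status 255; `exit(EXIT_FAILURE)` states the intent more plainly. The three `#include` lines lost their header names in this rendering, so I am assuming they cover `va_list`, `vfprintf` and `exit`.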
@@ -0,0 +1,255 @@ +From 0cd915873865b6aa16320f676269fcd50242785c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 28 Mar 2024 14:27:56 +0000 +Subject: MIPS: scall: Save thread_info.syscall unconditionally on entry + +From: Jiaxun Yang + +[ Upstream commit 4370b673ccf240bf7587b0cb8e6726a5ccaf1f17 ] + +thread_info.syscall is used by syscall_get_nr to supply syscall nr +over a thread stack frame. + +Previously, thread_info.syscall is only saved at syscall_trace_enter +when syscall tracing is enabled. However rest of the kernel code do +expect syscall_get_nr to be available without syscall tracing. The +previous design breaks collect_syscall. + +Move saving process to syscall entry to fix it. + +Reported-by: Xi Ruoyao +Link: https://github.com/util-linux/util-linux/issues/2867 +Signed-off-by: Jiaxun Yang +Signed-off-by: Thomas Bogendoerfer +Signed-off-by: Sasha Levin +--- + arch/mips/include/asm/ptrace.h | 2 +- + arch/mips/kernel/asm-offsets.c | 1 + + arch/mips/kernel/ptrace.c | 15 ++++++--------- + arch/mips/kernel/scall32-o32.S | 23 +++++++++++++---------- + arch/mips/kernel/scall64-n32.S | 3 ++- + arch/mips/kernel/scall64-n64.S | 3 ++- + arch/mips/kernel/scall64-o32.S | 33 +++++++++++++++++---------------- + 7 files changed, 42 insertions(+), 38 deletions(-) + +diff --git a/arch/mips/include/asm/ptrace.h b/arch/mips/include/asm/ptrace.h +index d14d0e37ad02d..4a2b40ce39e09 100644 +--- a/arch/mips/include/asm/ptrace.h ++++ b/arch/mips/include/asm/ptrace.h +@@ -159,7 +159,7 @@ extern unsigned long exception_ip(struct pt_regs *regs); + #define exception_ip(regs) exception_ip(regs) + #define profile_pc(regs) instruction_pointer(regs) + +-extern asmlinkage long syscall_trace_enter(struct pt_regs *regs, long syscall); ++extern asmlinkage long syscall_trace_enter(struct pt_regs *regs); + extern asmlinkage void syscall_trace_leave(struct pt_regs *regs); + + extern void die(const char *, struct pt_regs *) __noreturn; +diff --git a/arch/mips/kernel/asm-offsets.c 
b/arch/mips/kernel/asm-offsets.c +index d1b11f66f748f..cb1045ebab062 100644 +--- a/arch/mips/kernel/asm-offsets.c ++++ b/arch/mips/kernel/asm-offsets.c +@@ -101,6 +101,7 @@ void output_thread_info_defines(void) + OFFSET(TI_CPU, thread_info, cpu); + OFFSET(TI_PRE_COUNT, thread_info, preempt_count); + OFFSET(TI_REGS, thread_info, regs); ++ OFFSET(TI_SYSCALL, thread_info, syscall); + DEFINE(_THREAD_SIZE, THREAD_SIZE); + DEFINE(_THREAD_MASK, THREAD_MASK); + DEFINE(_IRQ_STACK_SIZE, IRQ_STACK_SIZE); +diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c +index 59288c13b581b..61503a36067e9 100644 +--- a/arch/mips/kernel/ptrace.c ++++ b/arch/mips/kernel/ptrace.c +@@ -1317,16 +1317,13 @@ long arch_ptrace(struct task_struct *child, long request, + * Notification of system call entry/exit + * - triggered by current->work.syscall_trace + */ +-asmlinkage long syscall_trace_enter(struct pt_regs *regs, long syscall) ++asmlinkage long syscall_trace_enter(struct pt_regs *regs) + { + user_exit(); + +- current_thread_info()->syscall = syscall; +- + if (test_thread_flag(TIF_SYSCALL_TRACE)) { + if (ptrace_report_syscall_entry(regs)) + return -1; +- syscall = current_thread_info()->syscall; + } + + #ifdef CONFIG_SECCOMP +@@ -1335,7 +1332,7 @@ asmlinkage long syscall_trace_enter(struct pt_regs *regs, long syscall) + struct seccomp_data sd; + unsigned long args[6]; + +- sd.nr = syscall; ++ sd.nr = current_thread_info()->syscall; + sd.arch = syscall_get_arch(current); + syscall_get_arguments(current, regs, args); + for (i = 0; i < 6; i++) +@@ -1345,23 +1342,23 @@ asmlinkage long syscall_trace_enter(struct pt_regs *regs, long syscall) + ret = __secure_computing(&sd); + if (ret == -1) + return ret; +- syscall = current_thread_info()->syscall; + } + #endif + + if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) + trace_sys_enter(regs, regs->regs[2]); + +- audit_syscall_entry(syscall, regs->regs[4], regs->regs[5], ++ audit_syscall_entry(current_thread_info()->syscall, ++ 
regs->regs[4], regs->regs[5], + regs->regs[6], regs->regs[7]); + + /* + * Negative syscall numbers are mistaken for rejected syscalls, but + * won't have had the return value set appropriately, so we do so now. + */ +- if (syscall < 0) ++ if (current_thread_info()->syscall < 0) + syscall_set_return_value(current, regs, -ENOSYS, 0); +- return syscall; ++ return current_thread_info()->syscall; + } + + /* +diff --git a/arch/mips/kernel/scall32-o32.S b/arch/mips/kernel/scall32-o32.S +index 18dc9b3450561..2c604717e6308 100644 +--- a/arch/mips/kernel/scall32-o32.S ++++ b/arch/mips/kernel/scall32-o32.S +@@ -77,6 +77,18 @@ loads_done: + PTR_WD load_a7, bad_stack_a7 + .previous + ++ /* ++ * syscall number is in v0 unless we called syscall(__NR_###) ++ * where the real syscall number is in a0 ++ */ ++ subu t2, v0, __NR_O32_Linux ++ bnez t2, 1f /* __NR_syscall at offset 0 */ ++ LONG_S a0, TI_SYSCALL($28) # Save a0 as syscall number ++ b 2f ++1: ++ LONG_S v0, TI_SYSCALL($28) # Save v0 as syscall number ++2: ++ + lw t0, TI_FLAGS($28) # syscall tracing enabled? + li t1, _TIF_WORK_SYSCALL_ENTRY + and t0, t1 +@@ -114,16 +126,7 @@ syscall_trace_entry: + SAVE_STATIC + move a0, sp + +- /* +- * syscall number is in v0 unless we called syscall(__NR_###) +- * where the real syscall number is in a0 +- */ +- move a1, v0 +- subu t2, v0, __NR_O32_Linux +- bnez t2, 1f /* __NR_syscall at offset 0 */ +- lw a1, PT_R4(sp) +- +-1: jal syscall_trace_enter ++ jal syscall_trace_enter + + bltz v0, 1f # seccomp failed? Skip syscall + +diff --git a/arch/mips/kernel/scall64-n32.S b/arch/mips/kernel/scall64-n32.S +index 97456b2ca7dc3..97788859238c3 100644 +--- a/arch/mips/kernel/scall64-n32.S ++++ b/arch/mips/kernel/scall64-n32.S +@@ -44,6 +44,8 @@ NESTED(handle_sysn32, PT_SIZE, sp) + + sd a3, PT_R26(sp) # save a3 for syscall restarting + ++ LONG_S v0, TI_SYSCALL($28) # Store syscall number ++ + li t1, _TIF_WORK_SYSCALL_ENTRY + LONG_L t0, TI_FLAGS($28) # syscall tracing enabled? 
+ and t0, t1, t0 +@@ -72,7 +74,6 @@ syscall_common: + n32_syscall_trace_entry: + SAVE_STATIC + move a0, sp +- move a1, v0 + jal syscall_trace_enter + + bltz v0, 1f # seccomp failed? Skip syscall +diff --git a/arch/mips/kernel/scall64-n64.S b/arch/mips/kernel/scall64-n64.S +index e6264aa62e457..be11ea5cc67e0 100644 +--- a/arch/mips/kernel/scall64-n64.S ++++ b/arch/mips/kernel/scall64-n64.S +@@ -46,6 +46,8 @@ NESTED(handle_sys64, PT_SIZE, sp) + + sd a3, PT_R26(sp) # save a3 for syscall restarting + ++ LONG_S v0, TI_SYSCALL($28) # Store syscall number ++ + li t1, _TIF_WORK_SYSCALL_ENTRY + LONG_L t0, TI_FLAGS($28) # syscall tracing enabled? + and t0, t1, t0 +@@ -82,7 +84,6 @@ n64_syscall_exit: + syscall_trace_entry: + SAVE_STATIC + move a0, sp +- move a1, v0 + jal syscall_trace_enter + + bltz v0, 1f # seccomp failed? Skip syscall +diff --git a/arch/mips/kernel/scall64-o32.S b/arch/mips/kernel/scall64-o32.S +index d3c2616cba226..7a5abb73e5312 100644 +--- a/arch/mips/kernel/scall64-o32.S ++++ b/arch/mips/kernel/scall64-o32.S +@@ -79,6 +79,22 @@ loads_done: + PTR_WD load_a7, bad_stack_a7 + .previous + ++ /* ++ * absolute syscall number is in v0 unless we called syscall(__NR_###) ++ * where the real syscall number is in a0 ++ * note: NR_syscall is the first O32 syscall but the macro is ++ * only defined when compiling with -mabi=32 (CONFIG_32BIT) ++ * therefore __NR_O32_Linux is used (4000) ++ */ ++ ++ subu t2, v0, __NR_O32_Linux ++ bnez t2, 1f /* __NR_syscall at offset 0 */ ++ LONG_S a0, TI_SYSCALL($28) # Save a0 as syscall number ++ b 2f ++1: ++ LONG_S v0, TI_SYSCALL($28) # Save v0 as syscall number ++2: ++ + li t1, _TIF_WORK_SYSCALL_ENTRY + LONG_L t0, TI_FLAGS($28) # syscall tracing enabled? 
+ and t0, t1, t0 +@@ -113,22 +129,7 @@ trace_a_syscall: + sd a7, PT_R11(sp) # For indirect syscalls + + move a0, sp +- /* +- * absolute syscall number is in v0 unless we called syscall(__NR_###) +- * where the real syscall number is in a0 +- * note: NR_syscall is the first O32 syscall but the macro is +- * only defined when compiling with -mabi=32 (CONFIG_32BIT) +- * therefore __NR_O32_Linux is used (4000) +- */ +- .set push +- .set reorder +- subu t1, v0, __NR_O32_Linux +- move a1, v0 +- bnez t1, 1f /* __NR_syscall at offset 0 */ +- ld a1, PT_R4(sp) /* Arg1 for __NR_syscall case */ +- .set pop +- +-1: jal syscall_trace_enter ++ jal syscall_trace_enter + + bltz v0, 1f # seccomp failed? Skip syscall + +-- +2.43.0 + diff --git a/queue-6.6/net-bcmgenet-reset-rbuf-on-first-open.patch b/queue-6.6/net-bcmgenet-reset-rbuf-on-first-open.patch new file mode 100644 index 00000000000..4bdb56b07c1 --- /dev/null +++ b/queue-6.6/net-bcmgenet-reset-rbuf-on-first-open.patch 
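Review bot: In scall64-o32.S the syscall-number selection used to sit inside `.set push` / `.set reorder` … `.set pop` in `trace_a_syscall`, and the copy moved to just after `loads_done` drops that wrapper. If the assembler is in noreorder mode at that point (the hunk does not show it), `LONG_S a0, TI_SYSCALL($28)` would sit in the delay slot of `bnez` and `LONG_S v0, TI_SYSCALL($28)` in the delay slot of `b 2f`, so the indirect `syscall()` case would record v0 instead of a0, and that value now feeds `sd.nr` for seccomp and `audit_syscall_entry()` in ptrace.c. It is worth confirming the mode there, or keeping the wrapper: `.set push` and `.set reorder` before `subu t2, v0, __NR_O32_Linux`, and `.set pop` after label `2:`. The same sequence is added to scall32-o32.S, where the removed code had no such wrapper.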
@@ -0,0 +1,83 @@ +From a4467a1fcd9bc89efc0a0bd92c94c0def836f5f6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 1 Apr 2024 13:09:33 +0200 +Subject: net: bcmgenet: Reset RBUF on first open + +From: Phil Elwell + +[ Upstream commit 0a6380cb4c6b5c1d6dad226ba3130f9090f0ccea ] + +If the RBUF logic is not reset when the kernel starts then there +may be some data left over from any network boot loader. If the +64-byte packet headers are enabled then this can be fatal. + +Extend bcmgenet_dma_disable to do perform the reset, but not when +called from bcmgenet_resume in order to preserve a wake packet. + +N.B. This different handling of resume is just based on a hunch - +why else wouldn't one reset the RBUF as well as the TBUF? If this +isn't the case then it's easy to change the patch to make the RBUF +reset unconditional. + +See: https://github.com/raspberrypi/linux/issues/3850 +See: https://github.com/raspberrypi/firmware/issues/1882 + +Signed-off-by: Phil Elwell +Signed-off-by: Maarten Vanraes +Signed-off-by: David S. 
Miller +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/broadcom/genet/bcmgenet.c | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + +diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c +index 89c8ddc6565ae..b91faa7973218 100644 +--- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c ++++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c +@@ -3299,7 +3299,7 @@ static void bcmgenet_get_hw_addr(struct bcmgenet_priv *priv, + } + + /* Returns a reusable dma control register value */ +-static u32 bcmgenet_dma_disable(struct bcmgenet_priv *priv) ++static u32 bcmgenet_dma_disable(struct bcmgenet_priv *priv, bool flush_rx) + { + unsigned int i; + u32 reg; +@@ -3324,6 +3324,14 @@ static u32 bcmgenet_dma_disable(struct bcmgenet_priv *priv) + udelay(10); + bcmgenet_umac_writel(priv, 0, UMAC_TX_FLUSH); + ++ if (flush_rx) { ++ reg = bcmgenet_rbuf_ctrl_get(priv); ++ bcmgenet_rbuf_ctrl_set(priv, reg | BIT(0)); ++ udelay(10); ++ bcmgenet_rbuf_ctrl_set(priv, reg); ++ udelay(10); ++ } ++ + return dma_ctrl; + } + +@@ -3387,8 +3395,8 @@ static int bcmgenet_open(struct net_device *dev) + + bcmgenet_set_hw_addr(priv, dev->dev_addr); + +- /* Disable RX/TX DMA and flush TX queues */ +- dma_ctrl = bcmgenet_dma_disable(priv); ++ /* Disable RX/TX DMA and flush TX and RX queues */ ++ dma_ctrl = bcmgenet_dma_disable(priv, true); + + /* Reinitialize TDMA and RDMA and SW housekeeping */ + ret = bcmgenet_init_dma(priv); +@@ -4259,7 +4267,7 @@ static int bcmgenet_resume(struct device *d) + bcmgenet_hfb_create_rxnfc_filter(priv, rule); + + /* Disable RX/TX DMA and flush TX queues */ +- dma_ctrl = bcmgenet_dma_disable(priv); ++ dma_ctrl = bcmgenet_dma_disable(priv, false); + + /* Reinitialize TDMA and RDMA and SW housekeeping */ + ret = bcmgenet_init_dma(priv); +-- +2.43.0 + 
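Review bot: The RBUF reset added to `bcmgenet_dma_disable()` sets a bare `BIT(0)` in the RBUF control register, and nothing in the code says what that bit is or why the resume path skips it. A named constant for the bit plus a comment would keep the reasoning next to the code; at present it lives only in the commit message, which itself calls the resume exception a hunch: `/* Reset RBUF to drop data left by a network boot loader; skipped on resume to preserve the wake packet */`. The function's header comment (`Returns a reusable dma control register value`) should also describe the new `flush_rx` parameter. The body of `bcmgenet_dma_disable()` starts outside the hunk.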
diff --git a/queue-6.6/net-mark-racy-access-on-sk-sk_rcvbuf.patch b/queue-6.6/net-mark-racy-access-on-sk-sk_rcvbuf.patch new file mode 100644 index 00000000000..16065e41d62 --- /dev/null +++ b/queue-6.6/net-mark-racy-access-on-sk-sk_rcvbuf.patch @@ -0,0 +1,48 @@ +From 79c20d8cb5d233b892078456f03766aed2e91187 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 21 Mar 2024 16:44:10 +0800 +Subject: net: mark racy access on sk->sk_rcvbuf + +From: linke li + +[ Upstream commit c2deb2e971f5d9aca941ef13ee05566979e337a4 ] + +sk->sk_rcvbuf in __sock_queue_rcv_skb() and __sk_receive_skb() can be +changed by other threads. Mark this as benign using READ_ONCE(). + +This patch is aimed at reducing the number of benign races reported by +KCSAN in order to focus future debugging effort on harmful races. + +Signed-off-by: linke li +Reviewed-by: Eric Dumazet +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + net/core/sock.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/net/core/sock.c b/net/core/sock.c +index 1471c0a862b36..7f64a7b95cfb2 100644 +--- a/net/core/sock.c ++++ b/net/core/sock.c +@@ -486,7 +486,7 @@ int __sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) + unsigned long flags; + struct sk_buff_head *list = &sk->sk_receive_queue; + +- if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) { ++ if (atomic_read(&sk->sk_rmem_alloc) >= READ_ONCE(sk->sk_rcvbuf)) { + atomic_inc(&sk->sk_drops); + trace_sock_rcvqueue_full(sk, skb); + return -ENOMEM; +@@ -556,7 +556,7 @@ int __sk_receive_skb(struct sock *sk, struct sk_buff *skb, + + skb->dev = NULL; + +- if (sk_rcvqueues_full(sk, sk->sk_rcvbuf)) { ++ if (sk_rcvqueues_full(sk, READ_ONCE(sk->sk_rcvbuf))) { + atomic_inc(&sk->sk_drops); + goto discard_and_relse; + } +-- +2.43.0 + diff --git a/queue-6.6/net-usb-qmi_wwan-support-rolling-modules.patch b/queue-6.6/net-usb-qmi_wwan-support-rolling-modules.patch new file mode 100644 index 00000000000..85aee3d359d --- /dev/null 
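Review bot: `READ_ONCE(sk->sk_rcvbuf)` in `__sock_queue_rcv_skb()` and `__sk_receive_skb()` annotates only the readers; the stores to `sk->sk_rcvbuf` are not part of this patch. The annotation is complete for KCSAN only if those stores use `WRITE_ONCE()`, which cannot be checked from these two hunks and is worth confirming. A short comment at one of the sites, e.g. `/* sk_rcvbuf can be changed by other threads; a stale value only shifts the drop threshold */`, would record why the race is treated as benign.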
+++ b/queue-6.6/net-usb-qmi_wwan-support-rolling-modules.patch 
@@ -0,0 +1,70 @@ +From e81c92bf182c18705d34bda12800129ea400bb31 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 16 Apr 2024 20:07:13 +0800 +Subject: net:usb:qmi_wwan: support Rolling modules + +From: Vanillan Wang + +[ Upstream commit d362046021ea122309da8c8e0b6850c792ca97b5 ] + +Update the qmi_wwan driver support for the Rolling +LTE modules. + +- VID:PID 33f8:0104, RW101-GL for laptop debug M.2 cards(with RMNET +interface for /Linux/Chrome OS) +0x0104: RMNET, diag, at, pipe + +Here are the outputs of usb-devices: +T: Bus=04 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 2 Spd=5000 MxCh= 0 +D: Ver= 3.20 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 9 #Cfgs= 1 +P: Vendor=33f8 ProdID=0104 Rev=05.04 +S: Manufacturer=Rolling Wireless S.a.r.l. +S: Product=Rolling Module +S: SerialNumber=ba2eb033 +C: #Ifs= 6 Cfg#= 1 Atr=a0 MxPwr=896mA +I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option +E: Ad=01(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms +E: Ad=81(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms +I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option +E: Ad=02(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms +E: Ad=82(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms +E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms +I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option +E: Ad=03(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms +E: Ad=84(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms +E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms +I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=40 Driver=option +E: Ad=04(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms +E: Ad=86(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms +E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms +I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=50 Driver=qmi_wwan +E: Ad=0f(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms +E: Ad=88(I) Atr=03(Int.) MxPS= 8 Ivl=32ms +E: Ad=8e(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms +I: If#= 5 Alt= 0 #EPs= 2 Cls=ff(vend.) 
Sub=42 Prot=01 Driver=usbfs +E: Ad=05(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms +E: Ad=89(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms + +Signed-off-by: Vanillan Wang +Link: https://lore.kernel.org/r/20240416120713.24777-1-vanillanwang@163.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + drivers/net/usb/qmi_wwan.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c +index e2e181378f412..edc34402e787f 100644 +--- a/drivers/net/usb/qmi_wwan.c ++++ b/drivers/net/usb/qmi_wwan.c +@@ -1431,6 +1431,7 @@ static const struct usb_device_id products[] = { + {QMI_FIXED_INTF(0x2692, 0x9025, 4)}, /* Cellient MPL200 (rebranded Qualcomm 05c6:9025) */ + {QMI_QUIRK_SET_DTR(0x1546, 0x1312, 4)}, /* u-blox LARA-R6 01B */ + {QMI_QUIRK_SET_DTR(0x1546, 0x1342, 4)}, /* u-blox LARA-L6 */ ++ {QMI_QUIRK_SET_DTR(0x33f8, 0x0104, 4)}, /* Rolling RW101 RMNET */ + + /* 4. Gobi 1000 devices */ + {QMI_GOBI1K_DEVICE(0x05c6, 0x9212)}, /* Acer Gobi Modem Device */ +-- +2.43.0 + diff --git a/queue-6.6/platform-x86-isst-add-granite-rapids-d-to-hpm-cpu-li.patch b/queue-6.6/platform-x86-isst-add-granite-rapids-d-to-hpm-cpu-li.patch new file mode 100644 index 00000000000..937778f3532 --- /dev/null +++ b/queue-6.6/platform-x86-isst-add-granite-rapids-d-to-hpm-cpu-li.patch 
@@ -0,0 +1,38 @@
+From 6d95a6211d1396cc9a3aef8ba9d5469d2ea6a6e5 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 15 Apr 2024 14:28:53 -0700
+Subject: platform/x86: ISST: Add Granite Rapids-D to HPM CPU list
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Srinivas Pandruvada
+
+[ Upstream commit d8c2d38c4d1dee8fe8e015b9ebf65bdd8e4da99b ]
+
+Add Granite Rapids-D to hpm_cpu_ids, so that MSR 0x54 can be used.
+
+Signed-off-by: Srinivas Pandruvada
+Link: https://lore.kernel.org/r/20240415212853.2820470-1-srinivas.pandruvada@linux.intel.com
+Reviewed-by: Ilpo Järvinen
+Signed-off-by: Ilpo Järvinen
+Signed-off-by: Sasha Levin
+---
+ drivers/platform/x86/intel/speed_select_if/isst_if_common.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/platform/x86/intel/speed_select_if/isst_if_common.c b/drivers/platform/x86/intel/speed_select_if/isst_if_common.c
+index 08df9494603c5..30951f7131cd9 100644
+--- a/drivers/platform/x86/intel/speed_select_if/isst_if_common.c
++++ b/drivers/platform/x86/intel/speed_select_if/isst_if_common.c
+@@ -719,6 +719,7 @@ static struct miscdevice isst_if_char_driver = {
+ };
+
+ static const struct x86_cpu_id hpm_cpu_ids[] = {
++ X86_MATCH_INTEL_FAM6_MODEL(GRANITERAPIDS_D, NULL),
+ X86_MATCH_INTEL_FAM6_MODEL(GRANITERAPIDS_X, NULL),
+ X86_MATCH_INTEL_FAM6_MODEL(ATOM_CRESTMONT_X, NULL),
+ {}
+--
+2.43.0
+
diff --git a/queue-6.6/powerpc-crypto-chacha-p10-fix-failure-on-non-power10.patch b/queue-6.6/powerpc-crypto-chacha-p10-fix-failure-on-non-power10.patch
new file mode 100644
index 00000000000..87c250c4af5
--- /dev/null
+++ b/queue-6.6/powerpc-crypto-chacha-p10-fix-failure-on-non-power10.patch
@@ -0,0 +1,90 @@ +From 3089d2dcd8023da1fbcac80ea1ce359684bf6650 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 29 Mar 2024 00:02:00 +1100 +Subject: powerpc/crypto/chacha-p10: Fix failure on non Power10 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Michael Ellerman + +[ Upstream commit 69630926011c1f7170a465b7b5c228deb66e9372 ] + +The chacha-p10-crypto module provides optimised chacha routines for +Power10. It also selects CRYPTO_ARCH_HAVE_LIB_CHACHA which says it +provides chacha_crypt_arch() to generic code. + +Notably the module needs to provide chacha_crypt_arch() regardless of +whether it is loaded on Power10 or an older CPU. + +The implementation of chacha_crypt_arch() already has a fallback to +chacha_crypt_generic(), however the module as a whole fails to load on +pre-Power10, because of the use of module_cpu_feature_match(). + +This breaks for example loading wireguard: + + jostaberry-1:~ # modprobe -v wireguard + insmod /lib/modules/6.8.0-lp155.8.g7e0e887-default/kernel/arch/powerpc/crypto/chacha-p10-crypto.ko.zst + modprobe: ERROR: could not insert 'wireguard': No such device + +Fix it by removing module_cpu_feature_match(), and instead check the +CPU feature manually. If the CPU feature is not found, the module +still loads successfully, but doesn't register the Power10 specific +algorithms. That allows chacha_crypt_generic() to remain available for +use, fixing the problem. 
+ + [root@fedora ~]# modprobe -v wireguard + insmod /lib/modules/6.8.0-00001-g786a790c4d79/kernel/net/ipv4/udp_tunnel.ko + insmod /lib/modules/6.8.0-00001-g786a790c4d79/kernel/net/ipv6/ip6_udp_tunnel.ko + insmod /lib/modules/6.8.0-00001-g786a790c4d79/kernel/lib/crypto/libchacha.ko + insmod /lib/modules/6.8.0-00001-g786a790c4d79/kernel/arch/powerpc/crypto/chacha-p10-crypto.ko + insmod /lib/modules/6.8.0-00001-g786a790c4d79/kernel/lib/crypto/libchacha20poly1305.ko + insmod /lib/modules/6.8.0-00001-g786a790c4d79/kernel/drivers/net/wireguard/wireguard.ko + [ 18.910452][ T721] wireguard: allowedips self-tests: pass + [ 18.914999][ T721] wireguard: nonce counter self-tests: pass + [ 19.029066][ T721] wireguard: ratelimiter self-tests: pass + [ 19.029257][ T721] wireguard: WireGuard 1.0.0 loaded. See www.wireguard.com for information. + [ 19.029361][ T721] wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld . All Rights Reserved. + +Reported-by: Michal Suchánek +Closes: https://lore.kernel.org/all/20240315122005.GG20665@kitsune.suse.cz/ +Acked-by: Herbert Xu +Signed-off-by: Michael Ellerman +Link: https://msgid.link/20240328130200.3041687-1-mpe@ellerman.id.au +Signed-off-by: Sasha Levin +--- + arch/powerpc/crypto/chacha-p10-glue.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/arch/powerpc/crypto/chacha-p10-glue.c b/arch/powerpc/crypto/chacha-p10-glue.c +index 74fb86b0d2097..7c728755852e1 100644 +--- a/arch/powerpc/crypto/chacha-p10-glue.c ++++ b/arch/powerpc/crypto/chacha-p10-glue.c +@@ -197,6 +197,9 @@ static struct skcipher_alg algs[] = { + + static int __init chacha_p10_init(void) + { ++ if (!cpu_has_feature(CPU_FTR_ARCH_31)) ++ return 0; ++ + static_branch_enable(&have_p10); + + return crypto_register_skciphers(algs, ARRAY_SIZE(algs)); +@@ -204,10 +207,13 @@ static int __init chacha_p10_init(void) + + static void __exit chacha_p10_exit(void) + { ++ if (!static_branch_likely(&have_p10)) ++ return; ++ + crypto_unregister_skciphers(algs, 
ARRAY_SIZE(algs)); + } + +-module_cpu_feature_match(PPC_MODULE_FEATURE_P10, chacha_p10_init); ++module_init(chacha_p10_init); + module_exit(chacha_p10_exit); + + MODULE_DESCRIPTION("ChaCha and XChaCha stream ciphers (P10 accelerated)"); +-- +2.43.0 + diff --git a/queue-6.6/regulator-tps65132-add-of_match-table.patch b/queue-6.6/regulator-tps65132-add-of_match-table.patch new file mode 100644 index 00000000000..33bdf446b61 --- /dev/null +++ b/queue-6.6/regulator-tps65132-add-of_match-table.patch 
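Review bot: `chacha_p10_init()` now returns 0 on CPUs without `CPU_FTR_ARCH_31`, which reads like a swallowed error to anyone who has not seen the commit message. A comment on the early return would keep the intent with the code: `/* Load anyway on pre-Power10 so chacha_crypt_arch() stays available; it falls back to chacha_crypt_generic() */`. `chacha_p10_exit()` then uses `have_p10` as its only sign that the algorithms were registered, which holds because the key is enabled solely on the registering path; that deserves a one-line comment as well. With `module_cpu_feature_match()` replaced by `module_init()`, CPU-feature based autoloading of the module presumably goes away, and the changelog could say whether that is intended.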
@@ -0,0 +1,49 @@ +From a375886d951ae6a37fcc3e479a9cf4a21dbb5f5d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 25 Mar 2024 19:05:09 +0100 +Subject: regulator: tps65132: Add of_match table +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: André Apitzsch + +[ Upstream commit a469158eaf8f4b10263b417856d923dfa38ae96d ] + +Add of_match table for "ti,tps65132" compatible string. +This fixes automatic driver loading when using device-tree, +and if built as a module like major linux distributions do. + +Signed-off-by: André Apitzsch +Link: https://msgid.link/r/20240325-of_tps65132-v1-1-86a5f7ef4ede@apitzsch.eu +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + drivers/regulator/tps65132-regulator.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/regulator/tps65132-regulator.c b/drivers/regulator/tps65132-regulator.c +index a06f5f2d79329..9c2f0dd42613d 100644 +--- a/drivers/regulator/tps65132-regulator.c ++++ b/drivers/regulator/tps65132-regulator.c +@@ -267,10 +267,17 @@ static const struct i2c_device_id tps65132_id[] = { + }; + MODULE_DEVICE_TABLE(i2c, tps65132_id); + ++static const struct of_device_id __maybe_unused tps65132_of_match[] = { ++ { .compatible = "ti,tps65132" }, ++ {}, ++}; ++MODULE_DEVICE_TABLE(of, tps65132_of_match); ++ + static struct i2c_driver tps65132_i2c_driver = { + .driver = { + .name = "tps65132", + .probe_type = PROBE_PREFER_ASYNCHRONOUS, ++ .of_match_table = of_match_ptr(tps65132_of_match), + }, + .probe = tps65132_probe, + .id_table = tps65132_id, +-- +2.43.0 + diff --git a/queue-6.6/scsi-bnx2fc-remove-spin_lock_bh-while-releasing-reso.patch b/queue-6.6/scsi-bnx2fc-remove-spin_lock_bh-while-releasing-reso.patch new file mode 100644 index 00000000000..d55af1d3bbb --- /dev/null +++ b/queue-6.6/scsi-bnx2fc-remove-spin_lock_bh-while-releasing-reso.patch 
@@ -0,0 +1,86 @@ +From c0833a72c18b9f4146a37ef81334842c91d055fd Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 15 Mar 2024 12:44:27 +0530 +Subject: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after + upload + +From: Saurav Kashyap + +[ Upstream commit c214ed2a4dda35b308b0b28eed804d7ae66401f9 ] + +The session resources are used by FW and driver when session is offloaded, +once session is uploaded these resources are not used. The lock is not +required as these fields won't be used any longer. The offload and upload +calls are sequential, hence lock is not required. + +This will suppress following BUG_ON(): + +[ 449.843143] ------------[ cut here ]------------ +[ 449.848302] kernel BUG at mm/vmalloc.c:2727! +[ 449.853072] invalid opcode: 0000 [#1] PREEMPT SMP PTI +[ 449.858712] CPU: 5 PID: 1996 Comm: kworker/u24:2 Not tainted 5.14.0-118.el9.x86_64 #1 +Rebooting. +[ 449.867454] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.3.4 11/08/2016 +[ 449.876966] Workqueue: fc_rport_eq fc_rport_work [libfc] +[ 449.882910] RIP: 0010:vunmap+0x2e/0x30 +[ 449.887098] Code: 00 65 8b 05 14 a2 f0 4a a9 00 ff ff 00 75 1b 55 48 89 fd e8 34 36 79 00 48 85 ed 74 0b 48 89 ef 31 f6 5d e9 14 fc ff ff 5d c3 <0f> 0b 0f 1f 44 00 00 41 57 41 56 49 89 ce 41 55 49 89 fd 41 54 41 +[ 449.908054] RSP: 0018:ffffb83d878b3d68 EFLAGS: 00010206 +[ 449.913887] RAX: 0000000080000201 RBX: ffff8f4355133550 RCX: 000000000d400005 +[ 449.921843] RDX: 0000000000000001 RSI: 0000000000001000 RDI: ffffb83da53f5000 +[ 449.929808] RBP: ffff8f4ac6675800 R08: ffffb83d878b3d30 R09: 00000000000efbdf +[ 449.937774] R10: 0000000000000003 R11: ffff8f434573e000 R12: 0000000000001000 +[ 449.945736] R13: 0000000000001000 R14: ffffb83da53f5000 R15: ffff8f43d4ea3ae0 +[ 449.953701] FS: 0000000000000000(0000) GS:ffff8f529fc80000(0000) knlGS:0000000000000000 +[ 449.962732] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 449.969138] CR2: 00007f8cf993e150 CR3: 0000000efbe10003 CR4: 00000000003706e0 
+[ 449.977102] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +[ 449.985065] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +[ 449.993028] Call Trace: +[ 449.995756] __iommu_dma_free+0x96/0x100 +[ 450.000139] bnx2fc_free_session_resc+0x67/0x240 [bnx2fc] +[ 450.006171] bnx2fc_upload_session+0xce/0x100 [bnx2fc] +[ 450.011910] bnx2fc_rport_event_handler+0x9f/0x240 [bnx2fc] +[ 450.018136] fc_rport_work+0x103/0x5b0 [libfc] +[ 450.023103] process_one_work+0x1e8/0x3c0 +[ 450.027581] worker_thread+0x50/0x3b0 +[ 450.031669] ? rescuer_thread+0x370/0x370 +[ 450.036143] kthread+0x149/0x170 +[ 450.039744] ? set_kthread_struct+0x40/0x40 +[ 450.044411] ret_from_fork+0x22/0x30 +[ 450.048404] Modules linked in: vfat msdos fat xfs nfs_layout_nfsv41_files rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver dm_service_time qedf qed crc8 bnx2fc libfcoe libfc scsi_transport_fc intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal intel_powerclamp dcdbas rapl intel_cstate intel_uncore mei_me pcspkr mei ipmi_ssif lpc_ich ipmi_si fuse zram ext4 mbcache jbd2 loop nfsv3 nfs_acl nfs lockd grace fscache netfs irdma ice sd_mod t10_pi sg ib_uverbs ib_core 8021q garp mrp stp llc mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt mxm_wmi fb_sys_fops cec crct10dif_pclmul ahci crc32_pclmul bnx2x drm ghash_clmulni_intel libahci rfkill i40e libata megaraid_sas mdio wmi sunrpc lrw dm_crypt dm_round_robin dm_multipath dm_snapshot dm_bufio dm_mirror dm_region_hash dm_log dm_zero dm_mod linear raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx raid6_pq libcrc32c crc32c_intel raid1 raid0 iscsi_ibft squashfs be2iscsi bnx2i cnic uio cxgb4i cxgb4 tls +[ 450.048497] libcxgbi libcxgb qla4xxx iscsi_boot_sysfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi edd ipmi_devintf ipmi_msghandler +[ 450.159753] ---[ end trace 712de2c57c64abc8 ]--- + +Reported-by: Guangwu Zhang +Signed-off-by: Saurav Kashyap +Signed-off-by: Nilesh Javali 
+Link: https://lore.kernel.org/r/20240315071427.31842-1-skashyap@marvell.com +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/drivers/scsi/bnx2fc/bnx2fc_tgt.c b/drivers/scsi/bnx2fc/bnx2fc_tgt.c +index 2c246e80c1c4d..d91659811eb3c 100644 +--- a/drivers/scsi/bnx2fc/bnx2fc_tgt.c ++++ b/drivers/scsi/bnx2fc/bnx2fc_tgt.c +@@ -833,7 +833,6 @@ static void bnx2fc_free_session_resc(struct bnx2fc_hba *hba, + + BNX2FC_TGT_DBG(tgt, "Freeing up session resources\n"); + +- spin_lock_bh(&tgt->cq_lock); + ctx_base_ptr = tgt->ctx_base; + tgt->ctx_base = NULL; + +@@ -889,7 +888,6 @@ static void bnx2fc_free_session_resc(struct bnx2fc_hba *hba, + tgt->sq, tgt->sq_dma); + tgt->sq = NULL; + } +- spin_unlock_bh(&tgt->cq_lock); + + if (ctx_base_ptr) + iounmap(ctx_base_ptr); +-- +2.43.0 + diff --git a/queue-6.6/scsi-hisi_sas-handle-the-ncq-error-returned-by-d2h-f.patch b/queue-6.6/scsi-hisi_sas-handle-the-ncq-error-returned-by-d2h-f.patch new file mode 100644 index 00000000000..1640964cb14 --- /dev/null +++ b/queue-6.6/scsi-hisi_sas-handle-the-ncq-error-returned-by-d2h-f.patch 
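Review bot: With `spin_lock_bh(&tgt->cq_lock)` removed, `bnx2fc_free_session_resc()` clears `tgt->ctx_base`, `tgt->sq` and the other queue pointers with no lock held, so safety rests entirely on the commit message's claim that nothing touches them after upload. Any path that still takes `cq_lock` and dereferences these pointers (completion processing, for instance, which is not visible in these hunks) would now race with the frees. I would state the invariant in the function, e.g. `/* Called after session upload; FW and driver no longer use these resources, so cq_lock is not taken */`, and confirm that completion handling is quiesced before this runs. The function body starts and ends outside the two hunks.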
@@ -0,0 +1,49 @@
+From eed41c1e4cc569263d31870a85e84b39323c93f0 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 2 Apr 2024 11:55:12 +0800
+Subject: scsi: hisi_sas: Handle the NCQ error returned by D2H frame
+
+From: Xiang Chen
+
+[ Upstream commit 358e919a351f2ea4b412e7dac6b1c23ec10bd4f5 ]
+
+We find that some disks use D2H frame instead of SDB frame to return NCQ
+error. Currently, only the I/O corresponding to the D2H frame is processed
+in this scenario, which does not meet the processing requirements of the
+NCQ error scenario. So we set dev_status to HISI_SAS_DEV_NCQ_ERR and abort
+all I/Os of the disk in this scenario.
+
+Co-developed-by: Xingui Yang
+Signed-off-by: Xingui Yang
+Signed-off-by: Xiang Chen
+Link: https://lore.kernel.org/r/20240402035513.2024241-2-chenxiang66@hisilicon.com
+Signed-off-by: Martin K. Petersen
+Signed-off-by: Sasha Levin
+---
+ drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c b/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c
+index e914c0c13bb5b..6b97c066e6631 100644
+--- a/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c
++++ b/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c
+@@ -2245,7 +2245,15 @@ slot_err_v3_hw(struct hisi_hba *hisi_hba, struct sas_task *task,
+ case SAS_PROTOCOL_SATA | SAS_PROTOCOL_STP:
+ if ((dw0 & CMPLT_HDR_RSPNS_XFRD_MSK) &&
+ (sipc_rx_err_type & RX_FIS_STATUS_ERR_MSK)) {
+- ts->stat = SAS_PROTO_RESPONSE;
++ if (task->ata_task.use_ncq) {
++ struct domain_device *device = task->dev;
++ struct hisi_sas_device *sas_dev = device->lldd_dev;
++
++ sas_dev->dev_status = HISI_SAS_DEV_NCQ_ERR;
++ slot->abort = 1;
++ } else {
++ ts->stat = SAS_PROTO_RESPONSE;
++ }
+ } else if (dma_rx_err_type & RX_DATA_LEN_UNDERFLOW_MSK) {
+ ts->residual = trans_tx_fail_type;
+ ts->stat = SAS_DATA_UNDERRUN;
+--
+2.43.0
+
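Review bot: In the new `use_ncq` branch of `slot_err_v3_hw`, `ts->stat` is no longer assigned, so the completion status of the task on this path depends entirely on the caller acting on `slot->abort` before it completes the task. That caller is outside the hunk, so this is something to confirm rather than assume. The branch also dereferences `device->lldd_dev` unchecked, presumably because a completing task always has one. A short comment would record the intent, for example `/* NCQ error reported via D2H FIS: status is left to the abort path */`. The function body starts and ends outside the hunk.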
diff --git a/queue-6.6/scsi-libsas-align-smp-request-allocation-to-arch_dma.patch b/queue-6.6/scsi-libsas-align-smp-request-allocation-to-arch_dma.patch
new file mode 100644
index 00000000000..9ce0a5d6d23
--- /dev/null
+++ b/queue-6.6/scsi-libsas-align-smp-request-allocation-to-arch_dma.patch
@@ -0,0 +1,46 @@
+From 78d788cd0873854dbb44882c154222a24db5af1f Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Thu, 28 Mar 2024 17:06:26 +0800
+Subject: scsi: libsas: Align SMP request allocation to ARCH_DMA_MINALIGN
+
+From: Yihang Li
+
+[ Upstream commit e675a4fd6d1f8990d3bed5dada3d20edfa000423 ]
+
+This series [1] reduced the kmalloc() minimum alignment on arm64 to 8 bytes
+(from 128). In libsas, this will cause SMP requests to be 8-byte aligned
+through kmalloc() allocation. However, for hisi_sas hardware, all command
+addresses must be 16-byte-aligned. Otherwise, the commands fail to be
+executed.
+
+ARCH_DMA_MINALIGN represents the minimum (static) alignment for safe DMA
+operations, so use ARCH_DMA_MINALIGN as the alignment for SMP request.
+
+Link: https://lkml.kernel.org/r/20230612153201.554742-1-catalin.marinas@arm.com [1]
+Signed-off-by: Yihang Li
+Link: https://lore.kernel.org/r/20240328090626.621147-1-liyihang9@huawei.com
+Reviewed-by: Damien Le Moal
+Reviewed-by: John Garry
+Reviewed-by: Jason Yan
+Signed-off-by: Martin K. Petersen
+Signed-off-by: Sasha Levin
+---
+ drivers/scsi/libsas/sas_expander.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/scsi/libsas/sas_expander.c b/drivers/scsi/libsas/sas_expander.c
+index 5c261005b74e4..f6e6db8b8aba9 100644
+--- a/drivers/scsi/libsas/sas_expander.c
++++ b/drivers/scsi/libsas/sas_expander.c
+@@ -135,7 +135,7 @@ static int smp_execute_task(struct domain_device *dev, void *req, int req_size,
+
+ static inline void *alloc_smp_req(int size)
+ {
+- u8 *p = kzalloc(size, GFP_KERNEL);
++ u8 *p = kzalloc(ALIGN(size, ARCH_DMA_MINALIGN), GFP_KERNEL);
+ if (p)
+ p[0] = SMP_REQUEST;
+ return p;
+--
+2.43.0
+
diff --git a/queue-6.6/scsi-lpfc-move-npiv-s-transport-unregistration-to-af.patch b/queue-6.6/scsi-lpfc-move-npiv-s-transport-unregistration-to-af.patch
new file mode 100644
index 00000000000..14e8853371e
--- /dev/null
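Review bot: `alloc_smp_req()` now rounds up the allocation size, not the address, so the alignment of the returned buffer rests on kmalloc() returning objects aligned to the rounded length, and nothing in the function says so. Without a comment the `ALIGN()` looks like padding and is easy to remove again, which would bring back DMA from a buffer that shares its alignment unit with neighbouring heap objects. I would add `/* Round the size up so kmalloc() returns an ARCH_DMA_MINALIGN-aligned buffer; the HBA DMAs from it */` above the `kzalloc()` line. If the SMP response buffer is allocated by a sibling helper outside this hunk, it probably needs the same treatment.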
+++ b/queue-6.6/scsi-lpfc-move-npiv-s-transport-unregistration-to-af.patch 
@@ -0,0 +1,60 @@ +From 9fd8d9b78f61523bfa3b4fb7f5ea7024735e8e3b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 5 Mar 2024 12:04:53 -0800 +Subject: scsi: lpfc: Move NPIV's transport unregistration to after resource + clean up + +From: Justin Tee + +[ Upstream commit 4ddf01f2f1504fa08b766e8cfeec558e9f8eef6c ] + +There are cases after NPIV deletion where the fabric switch still believes +the NPIV is logged into the fabric. This occurs when a vport is +unregistered before the Remove All DA_ID CT and LOGO ELS are sent to the +fabric. + +Currently fc_remove_host(), which calls dev_loss_tmo for all D_IDs including +the fabric D_ID, removes the last ndlp reference and frees the ndlp rport +object. This sometimes causes the race condition where the final DA_ID and +LOGO are skipped from being sent to the fabric switch. + +Fix by moving the fc_remove_host() and scsi_remove_host() calls after DA_ID +and LOGO are sent. + +Signed-off-by: Justin Tee +Link: https://lore.kernel.org/r/20240305200503.57317-3-justintee8345@gmail.com +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/lpfc/lpfc_vport.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/drivers/scsi/lpfc/lpfc_vport.c b/drivers/scsi/lpfc/lpfc_vport.c +index 6c7559cf1a4b6..9e0e9e02d2c47 100644 +--- a/drivers/scsi/lpfc/lpfc_vport.c ++++ b/drivers/scsi/lpfc/lpfc_vport.c +@@ -683,10 +683,6 @@ lpfc_vport_delete(struct fc_vport *fc_vport) + lpfc_free_sysfs_attr(vport); + lpfc_debugfs_terminate(vport); + +- /* Remove FC host to break driver binding. */ +- fc_remove_host(shost); +- scsi_remove_host(shost); +- + /* Send the DA_ID and Fabric LOGO to cleanup Nameserver entries. */ + ndlp = lpfc_findnode_did(vport, Fabric_DID); + if (!ndlp) +@@ -730,6 +726,10 @@ lpfc_vport_delete(struct fc_vport *fc_vport) + + skip_logo: + ++ /* Remove FC host to break driver binding. 
*/ ++ fc_remove_host(shost); ++ scsi_remove_host(shost); ++ + lpfc_cleanup(vport); + + /* Remove scsi host now. The nodes are cleaned up. */ +-- +2.43.0 + diff --git a/queue-6.6/scsi-lpfc-release-hbalock-before-calling-lpfc_worker.patch b/queue-6.6/scsi-lpfc-release-hbalock-before-calling-lpfc_worker.patch new file mode 100644 index 00000000000..b1b8fdddf24 --- /dev/null +++ b/queue-6.6/scsi-lpfc-release-hbalock-before-calling-lpfc_worker.patch 
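Review bot: The relocated comment under `skip_logo:` in `lpfc_vport_delete` still reads only "Remove FC host to break driver binding." and does not record why the calls must now come after the DA_ID and LOGO exchange. The ordering is the whole fix, so a later cleanup could move the calls back up and reintroduce the race described in the commit message. I would extend it to something like `/* Remove FC host only after DA_ID and Fabric LOGO were sent: fc_remove_host() drops the last ndlp reference. */`. The function starts and ends outside the hunks shown, and the following "Remove scsi host now" comment suggests a second removal step that is not visible here.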
@@ -0,0 +1,129 @@ +From 2a9c14cb7e6871fcf237498f0780a5761c4e570a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 5 Mar 2024 12:04:57 -0800 +Subject: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() + +From: Justin Tee + +[ Upstream commit ded20192dff31c91cef2a04f7e20e60e9bb887d3 ] + +lpfc_worker_wake_up() calls the lpfc_work_done() routine, which takes the +hbalock. Thus, lpfc_worker_wake_up() should not be called while holding the +hbalock to avoid potential deadlock. + +Signed-off-by: Justin Tee +Link: https://lore.kernel.org/r/20240305200503.57317-7-justintee8345@gmail.com +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/lpfc/lpfc_els.c | 20 ++++++++++---------- + drivers/scsi/lpfc/lpfc_hbadisc.c | 5 ++--- + drivers/scsi/lpfc/lpfc_sli.c | 14 +++++++------- + 3 files changed, 19 insertions(+), 20 deletions(-) + +diff --git a/drivers/scsi/lpfc/lpfc_els.c b/drivers/scsi/lpfc/lpfc_els.c +index 18b8325fd419e..44d3ada9fbbcb 100644 +--- a/drivers/scsi/lpfc/lpfc_els.c ++++ b/drivers/scsi/lpfc/lpfc_els.c +@@ -4432,23 +4432,23 @@ lpfc_els_retry_delay(struct timer_list *t) + unsigned long flags; + struct lpfc_work_evt *evtp = &ndlp->els_retry_evt; + ++ /* Hold a node reference for outstanding queued work */ ++ if (!lpfc_nlp_get(ndlp)) ++ return; ++ + spin_lock_irqsave(&phba->hbalock, flags); + if (!list_empty(&evtp->evt_listp)) { + spin_unlock_irqrestore(&phba->hbalock, flags); ++ lpfc_nlp_put(ndlp); + return; + } + +- /* We need to hold the node by incrementing the reference +- * count until the queued work is done +- */ +- evtp->evt_arg1 = lpfc_nlp_get(ndlp); +- if (evtp->evt_arg1) { +- evtp->evt = LPFC_EVT_ELS_RETRY; +- list_add_tail(&evtp->evt_listp, &phba->work_list); +- lpfc_worker_wake_up(phba); +- } ++ evtp->evt_arg1 = ndlp; ++ evtp->evt = LPFC_EVT_ELS_RETRY; ++ list_add_tail(&evtp->evt_listp, &phba->work_list); + spin_unlock_irqrestore(&phba->hbalock, flags); +- return; ++ ++ lpfc_worker_wake_up(phba); + } 
+ + /** +diff --git a/drivers/scsi/lpfc/lpfc_hbadisc.c b/drivers/scsi/lpfc/lpfc_hbadisc.c +index 5154eeaee0ec3..93703ab6ce037 100644 +--- a/drivers/scsi/lpfc/lpfc_hbadisc.c ++++ b/drivers/scsi/lpfc/lpfc_hbadisc.c +@@ -257,7 +257,9 @@ lpfc_dev_loss_tmo_callbk(struct fc_rport *rport) + if (evtp->evt_arg1) { + evtp->evt = LPFC_EVT_DEV_LOSS; + list_add_tail(&evtp->evt_listp, &phba->work_list); ++ spin_unlock_irqrestore(&phba->hbalock, iflags); + lpfc_worker_wake_up(phba); ++ return; + } + spin_unlock_irqrestore(&phba->hbalock, iflags); + } else { +@@ -275,10 +277,7 @@ lpfc_dev_loss_tmo_callbk(struct fc_rport *rport) + lpfc_disc_state_machine(vport, ndlp, NULL, + NLP_EVT_DEVICE_RM); + } +- + } +- +- return; + } + + /** +diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c +index 4dfadf254a727..9dab33686a931 100644 +--- a/drivers/scsi/lpfc/lpfc_sli.c ++++ b/drivers/scsi/lpfc/lpfc_sli.c +@@ -1217,9 +1217,9 @@ lpfc_set_rrq_active(struct lpfc_hba *phba, struct lpfc_nodelist *ndlp, + empty = list_empty(&phba->active_rrq_list); + list_add_tail(&rrq->list, &phba->active_rrq_list); + phba->hba_flag |= HBA_RRQ_ACTIVE; ++ spin_unlock_irqrestore(&phba->hbalock, iflags); + if (empty) + lpfc_worker_wake_up(phba); +- spin_unlock_irqrestore(&phba->hbalock, iflags); + return 0; + out: + spin_unlock_irqrestore(&phba->hbalock, iflags); +@@ -11369,18 +11369,18 @@ lpfc_sli_post_recovery_event(struct lpfc_hba *phba, + unsigned long iflags; + struct lpfc_work_evt *evtp = &ndlp->recovery_evt; + ++ /* Hold a node reference for outstanding queued work */ ++ if (!lpfc_nlp_get(ndlp)) ++ return; ++ + spin_lock_irqsave(&phba->hbalock, iflags); + if (!list_empty(&evtp->evt_listp)) { + spin_unlock_irqrestore(&phba->hbalock, iflags); ++ lpfc_nlp_put(ndlp); + return; + } + +- /* Incrementing the reference count until the queued work is done. 
*/ +- evtp->evt_arg1 = lpfc_nlp_get(ndlp); +- if (!evtp->evt_arg1) { +- spin_unlock_irqrestore(&phba->hbalock, iflags); +- return; +- } ++ evtp->evt_arg1 = ndlp; + evtp->evt = LPFC_EVT_RECOVER_PORT; + list_add_tail(&evtp->evt_listp, &phba->work_list); + spin_unlock_irqrestore(&phba->hbalock, iflags); +-- +2.43.0 + diff --git a/queue-6.6/scsi-lpfc-remove-irqf_oneshot-flag-from-threaded-irq.patch b/queue-6.6/scsi-lpfc-remove-irqf_oneshot-flag-from-threaded-irq.patch new file mode 100644 index 00000000000..b210f8a0323 --- /dev/null +++ b/queue-6.6/scsi-lpfc-remove-irqf_oneshot-flag-from-threaded-irq.patch 
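Review bot: The rule this patch establishes, that `lpfc_worker_wake_up()` is never called with `hbalock` held, is enforced only by the four call sites touched here (`lpfc_els_retry_delay`, `lpfc_dev_loss_tmo_callbk`, `lpfc_set_rrq_active`, `lpfc_sli_post_recovery_event`). Any caller outside these hunks that still holds the lock keeps the deadlock potential, and nothing would flag it. A lockdep assertion at the top of `lpfc_worker_wake_up()` would make the rule checkable: `lockdep_assert_not_held(&phba->hbalock);`. That function is outside the hunks, so where exactly it goes needs checking against the full file.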
@@ -0,0 +1,43 @@
+From 1c43cd17d5722c7b6946e1a57710049f3de4b51a Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 5 Mar 2024 12:04:54 -0800
+Subject: scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling
+
+From: Justin Tee
+
+[ Upstream commit 4623713e7ade46bfc63a3eade836f566ccbcd771 ]
+
+IRQF_ONESHOT is found to mask HBA generated interrupts when thread_fn is
+running. As a result, some EQEs/CQEs miss timely processing resulting in
+SCSI layer attempts to abort commands due to io_timeout. Abort CQEs are
+also not processed leading to the observations of hangs and spam of "0748
+abort handler timed out waiting for aborting I/O" log messages.
+
+Remove the IRQF_ONESHOT flag. The cmpxchg and xchg atomic operations on
+lpfc_queue->queue_claimed already protect potential parallel access to an
+EQ/CQ should the thread_fn get interrupted by the primary irq handler.
+
+Signed-off-by: Justin Tee
+Link: https://lore.kernel.org/r/20240305200503.57317-4-justintee8345@gmail.com
+Signed-off-by: Martin K. Petersen
+Signed-off-by: Sasha Levin
+---
+ drivers/scsi/lpfc/lpfc_init.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c
+index 2c336953e56ca..76c883cc66ed6 100644
+--- a/drivers/scsi/lpfc/lpfc_init.c
++++ b/drivers/scsi/lpfc/lpfc_init.c
+@@ -13051,7 +13051,7 @@ lpfc_sli4_enable_msix(struct lpfc_hba *phba)
+ rc = request_threaded_irq(eqhdl->irq,
+ &lpfc_sli4_hba_intr_handler,
+ &lpfc_sli4_hba_intr_handler_th,
+- IRQF_ONESHOT, name, eqhdl);
++ 0, name, eqhdl);
+ if (rc) {
+ lpfc_printf_log(phba, KERN_WARNING, LOG_INIT,
+ "0486 MSI-X fast-path (%d) "
+--
+2.43.0
+
diff --git a/queue-6.6/scsi-lpfc-replace-hbalock-with-ndlp-lock-in-lpfc_nvm.patch b/queue-6.6/scsi-lpfc-replace-hbalock-with-ndlp-lock-in-lpfc_nvm.patch
new file mode 100644
index 00000000000..d80a09c9616
--- /dev/null
+++ b/queue-6.6/scsi-lpfc-replace-hbalock-with-ndlp-lock-in-lpfc_nvm.patch
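Review bot: The bare `0` now passed as the flags argument of `request_threaded_irq()` in `lpfc_sli4_enable_msix` carries no hint that leaving out `IRQF_ONESHOT` is deliberate. With the flag gone, the hard handler can run while `lpfc_sli4_hba_intr_handler_th` is still processing, and per the commit message the only thing serialising the two is the cmpxchg/xchg on `lpfc_queue->queue_claimed`. A comment such as `/* No IRQF_ONESHOT: queue_claimed serialises the hard handler against thread_fn */` above the call would keep that dependency visible to anyone later touching either handler. The function body continues outside the hunk.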
@@ -0,0 +1,40 @@
+From 36c5017b5061dccf2b604e265b56627e648acefb Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 5 Mar 2024 12:04:56 -0800
+Subject: scsi: lpfc: Replace hbalock with ndlp lock in
+ lpfc_nvme_unregister_port()
+
+From: Justin Tee
+
+[ Upstream commit d11272be497e48a8e8f980470eb6b70e92eed0ce ]
+
+The ndlp object update in lpfc_nvme_unregister_port() should be protected
+by the ndlp lock rather than hbalock.
+
+Signed-off-by: Justin Tee
+Link: https://lore.kernel.org/r/20240305200503.57317-6-justintee8345@gmail.com
+Signed-off-by: Martin K. Petersen
+Signed-off-by: Sasha Levin
+---
+ drivers/scsi/lpfc/lpfc_nvme.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/scsi/lpfc/lpfc_nvme.c b/drivers/scsi/lpfc/lpfc_nvme.c
+index 96e11a26c297e..a7479258e8055 100644
+--- a/drivers/scsi/lpfc/lpfc_nvme.c
++++ b/drivers/scsi/lpfc/lpfc_nvme.c
+@@ -2614,9 +2614,9 @@ lpfc_nvme_unregister_port(struct lpfc_vport *vport, struct lpfc_nodelist *ndlp)
+ /* No concern about the role change on the nvme remoteport.
+ * The transport will update it.
+ */
+- spin_lock_irq(&vport->phba->hbalock);
++ spin_lock_irq(&ndlp->lock);
+ ndlp->fc4_xpt_flags |= NVME_XPT_UNREG_WAIT;
+- spin_unlock_irq(&vport->phba->hbalock);
++ spin_unlock_irq(&ndlp->lock);
+
+ /* Don't let the host nvme transport keep sending keep-alives
+ * on this remoteport. Vport is unloading, no recovery. The
+--
+2.43.0
+
diff --git a/queue-6.6/scsi-lpfc-update-lpfc_ramp_down_queue_handler-logic.patch b/queue-6.6/scsi-lpfc-update-lpfc_ramp_down_queue_handler-logic.patch
new file mode 100644
index 00000000000..5210add2ae5
--- /dev/null
+++ b/queue-6.6/scsi-lpfc-update-lpfc_ramp_down_queue_handler-logic.patch
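Review bot: Taking `ndlp->lock` around the `fc4_xpt_flags |= NVME_XPT_UNREG_WAIT` update in `lpfc_nvme_unregister_port` only serialises it against writers that take the same lock. Any remaining site that still modifies `fc4_xpt_flags` under `hbalock` would now race with this read-modify-write; those sites are outside the hunk, so this needs a check across the driver. Stating the rule once where the field is declared, e.g. `/* fc4_xpt_flags: protected by ndlp->lock */`, would make later mismatches easier to spot. The function starts and ends outside the hunk.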
@@ -0,0 +1,92 @@ +From 9007e7355b83c9599df2b231cdb5b11c650f37ca Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 5 Mar 2024 12:04:55 -0800 +Subject: scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic + +From: Justin Tee + +[ Upstream commit bb011631435c705cdeddca68d5c85fd40a4320f9 ] + +Typically when an out of resource CQE status is detected, the +lpfc_ramp_down_queue_handler() logic is called to help reduce I/O load by +reducing an sdev's queue_depth. + +However, the current lpfc_rampdown_queue_depth() logic does not help reduce +queue_depth. num_cmd_success is never updated and is always zero, which +means new_queue_depth will always be set to sdev->queue_depth. So, +new_queue_depth = sdev->queue_depth - new_queue_depth always sets +new_queue_depth to zero. And, scsi_change_queue_depth(sdev, 0) is +essentially a no-op. + +Change the lpfc_ramp_down_queue_handler() logic to set new_queue_depth +equal to sdev->queue_depth subtracted from number of times num_rsrc_err was +incremented. If num_rsrc_err is >= sdev->queue_depth, then set +new_queue_depth equal to 1. Eventually, the frequency of Good_Status +frames will signal SCSI upper layer to auto increase the queue_depth back +to the driver default of 64 via scsi_handle_queue_ramp_up(). + +Signed-off-by: Justin Tee +Link: https://lore.kernel.org/r/20240305200503.57317-5-justintee8345@gmail.com +Signed-off-by: Martin K. 
Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/lpfc/lpfc.h | 1 - + drivers/scsi/lpfc/lpfc_scsi.c | 13 ++++--------- + 2 files changed, 4 insertions(+), 10 deletions(-) + +diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h +index 04d608ea91060..be016732ab2ea 100644 +--- a/drivers/scsi/lpfc/lpfc.h ++++ b/drivers/scsi/lpfc/lpfc.h +@@ -1325,7 +1325,6 @@ struct lpfc_hba { + struct timer_list fabric_block_timer; + unsigned long bit_flags; + atomic_t num_rsrc_err; +- atomic_t num_cmd_success; + unsigned long last_rsrc_error_time; + unsigned long last_ramp_down_time; + #ifdef CONFIG_SCSI_LPFC_DEBUG_FS +diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c +index bf879d81846b6..cf506556f3b0b 100644 +--- a/drivers/scsi/lpfc/lpfc_scsi.c ++++ b/drivers/scsi/lpfc/lpfc_scsi.c +@@ -167,11 +167,10 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) + struct Scsi_Host *shost; + struct scsi_device *sdev; + unsigned long new_queue_depth; +- unsigned long num_rsrc_err, num_cmd_success; ++ unsigned long num_rsrc_err; + int i; + + num_rsrc_err = atomic_read(&phba->num_rsrc_err); +- num_cmd_success = atomic_read(&phba->num_cmd_success); + + /* + * The error and success command counters are global per +@@ -186,20 +185,16 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) + for (i = 0; i <= phba->max_vports && vports[i] != NULL; i++) { + shost = lpfc_shost_from_vport(vports[i]); + shost_for_each_device(sdev, shost) { +- new_queue_depth = +- sdev->queue_depth * num_rsrc_err / +- (num_rsrc_err + num_cmd_success); +- if (!new_queue_depth) +- new_queue_depth = sdev->queue_depth - 1; ++ if (num_rsrc_err >= sdev->queue_depth) ++ new_queue_depth = 1; + else + new_queue_depth = sdev->queue_depth - +- new_queue_depth; ++ num_rsrc_err; + scsi_change_queue_depth(sdev, new_queue_depth); + } + } + lpfc_destroy_vport_work_array(phba, vports); + atomic_set(&phba->num_rsrc_err, 0); +- atomic_set(&phba->num_cmd_success, 0); + } + + /** +-- +2.43.0 + 
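Review bot: The block comment kept as context in `lpfc_ramp_down_queue_handler` still begins "The error and success command counters are global per" although this change removes `num_cmd_success`, so it now describes a counter that no longer exists. It should be reworded along the lines of `* The error counter is global per driver instance.`; the rest of that comment is outside the hunk. Separately, `num_rsrc_err` is a per-HBA count but the new code subtracts it in full from `sdev->queue_depth` of every device on every vport, so a burst of resource errors caused by one LUN can drop all of them to 1. If that is the intended throttle, the comment should say so.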
diff --git a/queue-6.6/scsi-lpfc-use-a-dedicated-lock-for-ras_fwlog-state.patch b/queue-6.6/scsi-lpfc-use-a-dedicated-lock-for-ras_fwlog-state.patch new file mode 100644 index 00000000000..1daf5bd14cc --- /dev/null +++ b/queue-6.6/scsi-lpfc-use-a-dedicated-lock-for-ras_fwlog-state.patch 
@@ -0,0 +1,237 @@ +From 4ee9c190dcec49c0f17dcb2344f805e07ed96de7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 5 Mar 2024 12:04:58 -0800 +Subject: scsi: lpfc: Use a dedicated lock for ras_fwlog state + +From: Justin Tee + +[ Upstream commit f733a76ea0a9a84aee4ac41b81fad4d610ecbd8e ] + +To reduce usage of and contention for hbalock, a separate dedicated lock is +used to protect ras_fwlog state. + +Signed-off-by: Justin Tee +Link: https://lore.kernel.org/r/20240305200503.57317-8-justintee8345@gmail.com +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/lpfc/lpfc.h | 1 + + drivers/scsi/lpfc/lpfc_attr.c | 4 ++-- + drivers/scsi/lpfc/lpfc_bsg.c | 20 ++++++++++---------- + drivers/scsi/lpfc/lpfc_debugfs.c | 12 ++++++------ + drivers/scsi/lpfc/lpfc_init.c | 3 +++ + drivers/scsi/lpfc/lpfc_sli.c | 20 ++++++++++---------- + 6 files changed, 32 insertions(+), 28 deletions(-) + +diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h +index be016732ab2ea..9670cb2bf198e 100644 +--- a/drivers/scsi/lpfc/lpfc.h ++++ b/drivers/scsi/lpfc/lpfc.h +@@ -1429,6 +1429,7 @@ struct lpfc_hba { + struct timer_list inactive_vmid_poll; + + /* RAS Support */ ++ spinlock_t ras_fwlog_lock; /* do not take while holding another lock */ + struct lpfc_ras_fwlog ras_fwlog; + + uint32_t iocb_cnt; +diff --git a/drivers/scsi/lpfc/lpfc_attr.c b/drivers/scsi/lpfc/lpfc_attr.c +index b1c9107d34083..79b45ea5fdb5e 100644 +--- a/drivers/scsi/lpfc/lpfc_attr.c ++++ b/drivers/scsi/lpfc/lpfc_attr.c +@@ -5864,9 +5864,9 @@ lpfc_ras_fwlog_buffsize_set(struct lpfc_hba *phba, uint val) + if (phba->cfg_ras_fwlog_func != PCI_FUNC(phba->pcidev->devfn)) + return -EINVAL; + +- spin_lock_irq(&phba->hbalock); ++ spin_lock_irq(&phba->ras_fwlog_lock); + state = phba->ras_fwlog.state; +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + + if (state == REG_INPROGRESS) { + lpfc_printf_log(phba, KERN_ERR, LOG_SLI, "6147 RAS Logging " +diff --git 
a/drivers/scsi/lpfc/lpfc_bsg.c b/drivers/scsi/lpfc/lpfc_bsg.c +index 2919579fa0846..c305d16cfae9a 100644 +--- a/drivers/scsi/lpfc/lpfc_bsg.c ++++ b/drivers/scsi/lpfc/lpfc_bsg.c +@@ -5070,12 +5070,12 @@ lpfc_bsg_get_ras_config(struct bsg_job *job) + bsg_reply->reply_data.vendor_reply.vendor_rsp; + + /* Current logging state */ +- spin_lock_irq(&phba->hbalock); ++ spin_lock_irq(&phba->ras_fwlog_lock); + if (ras_fwlog->state == ACTIVE) + ras_reply->state = LPFC_RASLOG_STATE_RUNNING; + else + ras_reply->state = LPFC_RASLOG_STATE_STOPPED; +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + + ras_reply->log_level = phba->ras_fwlog.fw_loglevel; + ras_reply->log_buff_sz = phba->cfg_ras_fwlog_buffsize; +@@ -5132,13 +5132,13 @@ lpfc_bsg_set_ras_config(struct bsg_job *job) + + if (action == LPFC_RASACTION_STOP_LOGGING) { + /* Check if already disabled */ +- spin_lock_irq(&phba->hbalock); ++ spin_lock_irq(&phba->ras_fwlog_lock); + if (ras_fwlog->state != ACTIVE) { +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + rc = -ESRCH; + goto ras_job_error; + } +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + + /* Disable logging */ + lpfc_ras_stop_fwlog(phba); +@@ -5149,10 +5149,10 @@ lpfc_bsg_set_ras_config(struct bsg_job *job) + * FW-logging with new log-level. Return status + * "Logging already Running" to caller. 
+ **/ +- spin_lock_irq(&phba->hbalock); ++ spin_lock_irq(&phba->ras_fwlog_lock); + if (ras_fwlog->state != INACTIVE) + action_status = -EINPROGRESS; +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + + /* Enable logging */ + rc = lpfc_sli4_ras_fwlog_init(phba, log_level, +@@ -5268,13 +5268,13 @@ lpfc_bsg_get_ras_fwlog(struct bsg_job *job) + goto ras_job_error; + + /* Logging to be stopped before reading */ +- spin_lock_irq(&phba->hbalock); ++ spin_lock_irq(&phba->ras_fwlog_lock); + if (ras_fwlog->state == ACTIVE) { +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + rc = -EINPROGRESS; + goto ras_job_error; + } +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + + if (job->request_len < + sizeof(struct fc_bsg_request) + +diff --git a/drivers/scsi/lpfc/lpfc_debugfs.c b/drivers/scsi/lpfc/lpfc_debugfs.c +index ea9b42225e629..20662b4f339eb 100644 +--- a/drivers/scsi/lpfc/lpfc_debugfs.c ++++ b/drivers/scsi/lpfc/lpfc_debugfs.c +@@ -2196,12 +2196,12 @@ static int lpfc_debugfs_ras_log_data(struct lpfc_hba *phba, + + memset(buffer, 0, size); + +- spin_lock_irq(&phba->hbalock); ++ spin_lock_irq(&phba->ras_fwlog_lock); + if (phba->ras_fwlog.state != ACTIVE) { +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + return -EINVAL; + } +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + + list_for_each_entry_safe(dmabuf, next, + &phba->ras_fwlog.fwlog_buff_list, list) { +@@ -2252,13 +2252,13 @@ lpfc_debugfs_ras_log_open(struct inode *inode, struct file *file) + int size; + int rc = -ENOMEM; + +- spin_lock_irq(&phba->hbalock); ++ spin_lock_irq(&phba->ras_fwlog_lock); + if (phba->ras_fwlog.state != ACTIVE) { +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + rc = -EINVAL; + goto out; + } +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + + if 
(check_mul_overflow(LPFC_RAS_MIN_BUFF_POST_SIZE, + phba->cfg_ras_fwlog_buffsize, &size)) +diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c +index 76c883cc66ed6..416816d74ea1c 100644 +--- a/drivers/scsi/lpfc/lpfc_init.c ++++ b/drivers/scsi/lpfc/lpfc_init.c +@@ -7698,6 +7698,9 @@ lpfc_setup_driver_resource_phase1(struct lpfc_hba *phba) + "NVME" : " "), + (phba->nvmet_support ? "NVMET" : " ")); + ++ /* ras_fwlog state */ ++ spin_lock_init(&phba->ras_fwlog_lock); ++ + /* Initialize the IO buffer list used by driver for SLI3 SCSI */ + spin_lock_init(&phba->scsi_buf_list_get_lock); + INIT_LIST_HEAD(&phba->lpfc_scsi_buf_list_get); +diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c +index 9dab33686a931..5af669b930193 100644 +--- a/drivers/scsi/lpfc/lpfc_sli.c ++++ b/drivers/scsi/lpfc/lpfc_sli.c +@@ -6844,9 +6844,9 @@ lpfc_ras_stop_fwlog(struct lpfc_hba *phba) + { + struct lpfc_ras_fwlog *ras_fwlog = &phba->ras_fwlog; + +- spin_lock_irq(&phba->hbalock); ++ spin_lock_irq(&phba->ras_fwlog_lock); + ras_fwlog->state = INACTIVE; +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + + /* Disable FW logging to host memory */ + writel(LPFC_CTL_PDEV_CTL_DDL_RAS, +@@ -6889,9 +6889,9 @@ lpfc_sli4_ras_dma_free(struct lpfc_hba *phba) + ras_fwlog->lwpd.virt = NULL; + } + +- spin_lock_irq(&phba->hbalock); ++ spin_lock_irq(&phba->ras_fwlog_lock); + ras_fwlog->state = INACTIVE; +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + } + + /** +@@ -6993,9 +6993,9 @@ lpfc_sli4_ras_mbox_cmpl(struct lpfc_hba *phba, LPFC_MBOXQ_t *pmb) + goto disable_ras; + } + +- spin_lock_irq(&phba->hbalock); ++ spin_lock_irq(&phba->ras_fwlog_lock); + ras_fwlog->state = ACTIVE; +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + mempool_free(pmb, phba->mbox_mem_pool); + + return; +@@ -7027,9 +7027,9 @@ lpfc_sli4_ras_fwlog_init(struct lpfc_hba *phba, + uint32_t len = 0, 
fwlog_buffsize, fwlog_entry_count; + int rc = 0; + +- spin_lock_irq(&phba->hbalock); ++ spin_lock_irq(&phba->ras_fwlog_lock); + ras_fwlog->state = INACTIVE; +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + + fwlog_buffsize = (LPFC_RAS_MIN_BUFF_POST_SIZE * + phba->cfg_ras_fwlog_buffsize); +@@ -7090,9 +7090,9 @@ lpfc_sli4_ras_fwlog_init(struct lpfc_hba *phba, + mbx_fwlog->u.request.lwpd.addr_lo = putPaddrLow(ras_fwlog->lwpd.phys); + mbx_fwlog->u.request.lwpd.addr_hi = putPaddrHigh(ras_fwlog->lwpd.phys); + +- spin_lock_irq(&phba->hbalock); ++ spin_lock_irq(&phba->ras_fwlog_lock); + ras_fwlog->state = REG_INPROGRESS; +- spin_unlock_irq(&phba->hbalock); ++ spin_unlock_irq(&phba->ras_fwlog_lock); + mbox->vport = phba->pport; + mbox->mbox_cmpl = lpfc_sli4_ras_mbox_cmpl; + +-- +2.43.0 + diff --git a/queue-6.6/scsi-mpi3mr-avoid-memcpy-field-spanning-write-warnin.patch b/queue-6.6/scsi-mpi3mr-avoid-memcpy-field-spanning-write-warnin.patch new file mode 100644 index 00000000000..ddf06296ccd --- /dev/null +++ b/queue-6.6/scsi-mpi3mr-avoid-memcpy-field-spanning-write-warnin.patch 
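Review bot: The new `ras_fwlog_lock` covers only the read or write of `ras_fwlog.state`, while several call sites act on the value after dropping it. In `lpfc_debugfs_ras_log_data` the lock is released right after the `state != ACTIVE` check and `fwlog_buff_list` is then walked unlocked, and `lpfc_bsg_get_ras_fwlog` and `lpfc_debugfs_ras_log_open` follow the same check-then-act shape. The pattern predates this change, but with a dedicated lock it is worth stating what keeps `lpfc_sli4_ras_dma_free` from tearing down the buffers between the check and the use; that code is only partly visible here. At minimum I would widen the field comment to `/* protects ras_fwlog.state only; do not take while holding another lock */`. If nothing else serialises the buffer list, the debugfs walk can touch freed DMA buffers.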
@@ -0,0 +1,62 @@ +From 4b6c22f4f1d4a405547e60d9734acb60add17f6c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 23 Mar 2024 17:41:55 +0900 +Subject: scsi: mpi3mr: Avoid memcpy field-spanning write WARNING + +From: Shin'ichiro Kawasaki + +[ Upstream commit 429846b4b6ce9853e0d803a2357bb2e55083adf0 ] + +When the "storcli2 show" command is executed for eHBA-9600, mpi3mr driver +prints this WARNING message: + + memcpy: detected field-spanning write (size 128) of single field "bsg_reply_buf->reply_buf" at drivers/scsi/mpi3mr/mpi3mr_app.c:1658 (size 1) + WARNING: CPU: 0 PID: 12760 at drivers/scsi/mpi3mr/mpi3mr_app.c:1658 mpi3mr_bsg_request+0x6b12/0x7f10 [mpi3mr] + +The cause of the WARN is 128 bytes memcpy to the 1 byte size array "__u8 +replay_buf[1]" in the struct mpi3mr_bsg_in_reply_buf. The array is intended +to be a flexible length array, so the WARN is a false positive. + +To suppress the WARN, remove the constant number '1' from the array +declaration and clarify that it has flexible length. Also, adjust the +memory allocation size to match the change. + +Suggested-by: Sathya Prakash Veerichetty +Signed-off-by: Shin'ichiro Kawasaki +Link: https://lore.kernel.org/r/20240323084155.166835-1-shinichiro.kawasaki@wdc.com +Signed-off-by: Martin K. 
Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/mpi3mr/mpi3mr_app.c | 2 +- + include/uapi/scsi/scsi_bsg_mpi3mr.h | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/scsi/mpi3mr/mpi3mr_app.c b/drivers/scsi/mpi3mr/mpi3mr_app.c +index 9dacbb8570c93..aa5b535e6662b 100644 +--- a/drivers/scsi/mpi3mr/mpi3mr_app.c ++++ b/drivers/scsi/mpi3mr/mpi3mr_app.c +@@ -1345,7 +1345,7 @@ static long mpi3mr_bsg_process_mpt_cmds(struct bsg_job *job, unsigned int *reply + if ((mpirep_offset != 0xFF) && + drv_bufs[mpirep_offset].bsg_buf_len) { + drv_buf_iter = &drv_bufs[mpirep_offset]; +- drv_buf_iter->kern_buf_len = (sizeof(*bsg_reply_buf) - 1 + ++ drv_buf_iter->kern_buf_len = (sizeof(*bsg_reply_buf) + + mrioc->reply_sz); + bsg_reply_buf = kzalloc(drv_buf_iter->kern_buf_len, GFP_KERNEL); + +diff --git a/include/uapi/scsi/scsi_bsg_mpi3mr.h b/include/uapi/scsi/scsi_bsg_mpi3mr.h +index 907d345f04f93..353183e863e47 100644 +--- a/include/uapi/scsi/scsi_bsg_mpi3mr.h ++++ b/include/uapi/scsi/scsi_bsg_mpi3mr.h +@@ -382,7 +382,7 @@ struct mpi3mr_bsg_in_reply_buf { + __u8 mpi_reply_type; + __u8 rsvd1; + __u16 rsvd2; +- __u8 reply_buf[1]; ++ __u8 reply_buf[]; + }; + + /** +-- +2.43.0 + diff --git a/queue-6.6/scsi-target-fix-selinux-error-when-systemd-modules-l.patch b/queue-6.6/scsi-target-fix-selinux-error-when-systemd-modules-l.patch new file mode 100644 index 00000000000..53c9d3a9e84 --- /dev/null +++ b/queue-6.6/scsi-target-fix-selinux-error-when-systemd-modules-l.patch 
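Review bot: In `mpi3mr_bsg_process_mpt_cmds` the length is still computed with open-coded arithmetic, `sizeof(*bsg_reply_buf) + mrioc->reply_sz`, now that `reply_buf` is a flexible array member. The overflow-checked helper fits the new layout: `drv_buf_iter->kern_buf_len = struct_size(bsg_reply_buf, reply_buf, mrioc->reply_sz);`. The header change is also in a uapi file, so `sizeof(struct mpi3mr_bsg_in_reply_buf)` changes for userspace. A tool that sized its reply buffer from the old `sizeof` will now compute a different length, which deserves a mention in the struct's kernel-doc. Both functions continue outside the hunks.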
@@ -0,0 +1,68 @@ +From 51c5750871db5b0319977decbc15b71ee9bcd8f1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 15 Feb 2024 15:39:43 +0100 +Subject: scsi: target: Fix SELinux error when systemd-modules loads the target + module + +From: Maurizio Lombardi + +[ Upstream commit 97a54ef596c3fd24ec2b227ba8aaf2cf5415e779 ] + +If the systemd-modules service loads the target module, the credentials of +that userspace process will be used to validate the access to the target db +directory. SELinux will prevent it, reporting an error like the following: + +kernel: audit: type=1400 audit(1676301082.205:4): avc: denied { read } +for pid=1020 comm="systemd-modules" name="target" dev="dm-3" +ino=4657583 scontext=system_u:system_r:systemd_modules_load_t:s0 +tcontext=system_u:object_r:targetd_etc_rw_t:s0 tclass=dir permissive=0 + +Fix the error by using the kernel credentials to access the db directory + +Signed-off-by: Maurizio Lombardi +Link: https://lore.kernel.org/r/20240215143944.847184-2-mlombard@redhat.com +Reviewed-by: Mike Christie +Signed-off-by: Martin K. 
Petersen +Signed-off-by: Sasha Levin +--- + drivers/target/target_core_configfs.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c +index d5860c1c1f469..9a88774836c9d 100644 +--- a/drivers/target/target_core_configfs.c ++++ b/drivers/target/target_core_configfs.c +@@ -3634,6 +3634,8 @@ static int __init target_core_init_configfs(void) + { + struct configfs_subsystem *subsys = &target_core_fabrics; + struct t10_alua_lu_gp *lu_gp; ++ struct cred *kern_cred; ++ const struct cred *old_cred; + int ret; + + pr_debug("TARGET_CORE[0]: Loading Generic Kernel Storage" +@@ -3710,11 +3712,21 @@ static int __init target_core_init_configfs(void) + if (ret < 0) + goto out; + ++ /* We use the kernel credentials to access the target directory */ ++ kern_cred = prepare_kernel_cred(&init_task); ++ if (!kern_cred) { ++ ret = -ENOMEM; ++ goto out; ++ } ++ old_cred = override_creds(kern_cred); + target_init_dbroot(); ++ revert_creds(old_cred); ++ put_cred(kern_cred); + + return 0; + + out: ++ target_xcopy_release_pt(); + configfs_unregister_subsystem(subsys); + core_dev_release_virtual_lun0(); + rd_module_exit(); +-- +2.43.0 + diff --git a/queue-6.6/scsi-ufs-core-fix-mcq-mac-configuration.patch b/queue-6.6/scsi-ufs-core-fix-mcq-mac-configuration.patch new file mode 100644 index 00000000000..316b7531ae0 --- /dev/null +++ b/queue-6.6/scsi-ufs-core-fix-mcq-mac-configuration.patch 
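Review bot: The `override_creds(kern_cred)` window in `target_core_init_configfs` runs `target_init_dbroot()` with kernel credentials, so the directory lookup it performs is no longer checked against the LSM context of the process that loaded the module. That is the purpose of the change, but it is only safe while every path opened inside that call is a fixed, kernel-chosen one; `target_init_dbroot()` is outside the hunk, so this is an assumption to confirm. I would record it next to the call, e.g. `/* kernel creds only for the built-in db_root default paths, never for a user-supplied path */`. The new `target_xcopy_release_pt()` at `out:` is also reached by earlier `goto out` sites not visible here, so it has to be safe when the xcopy setup has not run yet.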
@@ -0,0 +1,39 @@
+From 654d6301d1a85f5a5ac97c0361172cf4c77dd633 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 20 Feb 2024 01:56:37 -0800
+Subject: scsi: ufs: core: Fix MCQ MAC configuration
+
+From: Rohit Ner
+
+[ Upstream commit 767712f91de76abd22a45184e6e3440120b8bfce ]
+
+As per JEDEC Standard No. 223E Section 5.9.2, the max # active commands
+value programmed by the host sw in MCQConfig.MAC should be one less than
+the actual value.
+
+Signed-off-by: Rohit Ner
+Link: https://lore.kernel.org/r/20240220095637.2900067-1-rohitner@google.com
+Reviewed-by: Peter Wang
+Reviewed-by: Can Guo
+Signed-off-by: Martin K. Petersen
+Signed-off-by: Sasha Levin
+---
+ drivers/ufs/core/ufs-mcq.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/ufs/core/ufs-mcq.c b/drivers/ufs/core/ufs-mcq.c
+index 0787456c2b892..c873fd8239427 100644
+--- a/drivers/ufs/core/ufs-mcq.c
++++ b/drivers/ufs/core/ufs-mcq.c
+@@ -94,7 +94,7 @@ void ufshcd_mcq_config_mac(struct ufs_hba *hba, u32 max_active_cmds)
+
+ val = ufshcd_readl(hba, REG_UFS_MCQ_CFG);
+ val &= ~MCQ_CFG_MAC_MASK;
+- val |= FIELD_PREP(MCQ_CFG_MAC_MASK, max_active_cmds);
++ val |= FIELD_PREP(MCQ_CFG_MAC_MASK, max_active_cmds - 1);
+ ufshcd_writel(hba, val, REG_UFS_MCQ_CFG);
+ }
+ EXPORT_SYMBOL_GPL(ufshcd_mcq_config_mac);
+--
+2.43.0
+
diff --git a/queue-6.6/scsi-ufs-core-fix-mcq-mode-dev-command-timeout.patch b/queue-6.6/scsi-ufs-core-fix-mcq-mode-dev-command-timeout.patch
new file mode 100644
index 00000000000..1d31e3081e4
--- /dev/null
+++ b/queue-6.6/scsi-ufs-core-fix-mcq-mode-dev-command-timeout.patch
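Review bot: `max_active_cmds - 1` in ufshcd_mcq_config_mac() wraps to 0xffffffff when the u32 argument is 0, and that wrapped value is what gets handed to FIELD_PREP() for the MAC field. The callers are not visible here, so a zero may never be passed, but the function is exported and a guard is cheap: `if (WARN_ON(!max_active_cmds)) return;` before the register read. The start of the function is outside the hunk.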
@@ -0,0 +1,43 @@
+From 575180ef6954eeb5e761c1178f5b74bee2003abf Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Thu, 28 Mar 2024 19:12:44 +0800
+Subject: scsi: ufs: core: Fix MCQ mode dev command timeout
+
+From: Peter Wang
+
+[ Upstream commit 2a26a11e9c258b14be6fd98f8a85f20ac1fff66e ]
+
+When a dev command times out in MCQ mode, a successfully cleared command
+should cause a retry. However, because we currently return 0, the caller
+considers the command a success which causes the following error to be
+logged: "Invalid offset 0x0 in descriptor IDN 0x9, length 0x0".
+
+Retry if clearing the command was successful.
+
+Signed-off-by: Peter Wang
+Link: https://lore.kernel.org/r/20240328111244.3599-1-peter.wang@mediatek.com
+Reviewed-by: Bart Van Assche
+Signed-off-by: Martin K. Petersen
+Signed-off-by: Sasha Levin
+---
+ drivers/ufs/core/ufshcd.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c
+index 8005373e20bae..344806330be16 100644
+--- a/drivers/ufs/core/ufshcd.c
++++ b/drivers/ufs/core/ufshcd.c
+@@ -3064,7 +3064,9 @@ static int ufshcd_wait_for_dev_cmd(struct ufs_hba *hba,
+
+ /* MCQ mode */
+ if (is_mcq_enabled(hba)) {
+- err = ufshcd_clear_cmd(hba, lrbp->task_tag);
++ /* successfully cleared the command, retry if needed */
++ if (ufshcd_clear_cmd(hba, lrbp->task_tag) == 0)
++ err = -EAGAIN;
+ hba->dev_cmd.complete = NULL;
+ return err;
+ }
+--
+2.43.0
+
diff --git a/queue-6.6/scsi-ufs-core-wlun-suspend-dev-link-state-error-reco.patch b/queue-6.6/scsi-ufs-core-wlun-suspend-dev-link-state-error-reco.patch
new file mode 100644
index 00000000000..a65beacaf55
--- /dev/null
+++ b/queue-6.6/scsi-ufs-core-wlun-suspend-dev-link-state-error-reco.patch
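Review bot: In the MCQ branch of ufshcd_wait_for_dev_cmd() the result of ufshcd_clear_cmd() is now only compared with 0, so when clearing fails its error code is dropped and `err` keeps whatever was assigned before the hunk. That earlier assignment is not visible here, so the failure path reads as an accident rather than a decision; a second comment line such as `/* if clearing fails, err keeps its earlier value */` would make it explicit. The function starts and ends outside the hunk.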
@@ -0,0 +1,45 @@
+From 536ea9a24d39acc4e07670dc29a9651d6bf90f4e Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 29 Mar 2024 09:50:36 +0800
+Subject: scsi: ufs: core: WLUN suspend dev/link state error recovery
+
+From: Peter Wang
+
+[ Upstream commit 6bc5e70b1c792b31b497e48b4668a9a2909aca0d ]
+
+When wl suspend error occurs, for example BKOP or SSU timeout, the host
+triggers an error handler and returns -EBUSY to break the wl suspend
+process. However, it is possible for the runtime PM to enter wl suspend
+again before the error handler has finished, and return -EINVAL because the
+device is in an error state. To address this, ensure that the rumtime PM
+waits for the error handler to finish, or trigger the error handler in such
+cases, because returning -EINVAL can cause the I/O to hang.
+
+Signed-off-by: Peter Wang
+Link: https://lore.kernel.org/r/20240329015036.15707-1-peter.wang@mediatek.com
+Reviewed-by: Bart Van Assche
+Signed-off-by: Martin K. Petersen
+Signed-off-by: Sasha Levin
+---
+ drivers/ufs/core/ufshcd.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c
+index ee9119b708f01..8005373e20bae 100644
+--- a/drivers/ufs/core/ufshcd.c
++++ b/drivers/ufs/core/ufshcd.c
+@@ -9547,7 +9547,10 @@ static int __ufshcd_wl_suspend(struct ufs_hba *hba, enum ufs_pm_op pm_op)
+
+ /* UFS device & link must be active before we enter in this function */
+ if (!ufshcd_is_ufs_dev_active(hba) || !ufshcd_is_link_active(hba)) {
+- ret = -EINVAL;
++ /* Wait err handler finish or trigger err recovery */
++ if (!ufshcd_eh_in_progress(hba))
++ ufshcd_force_error_recovery(hba);
++ ret = -EBUSY;
+ goto enable_scaling;
+ }
+
+--
+2.43.0
+
diff --git a/queue-6.6/selftests-ftrace-fix-event-filter-target_func-select.patch b/queue-6.6/selftests-ftrace-fix-event-filter-target_func-select.patch
new file mode 100644
index 00000000000..59611adcc69
--- /dev/null
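Review bot: The new comment `/* Wait err handler finish or trigger err recovery */` in __ufshcd_wl_suspend() does not match the code under it: nothing waits here, the branch starts recovery when no handler is running and then returns -EBUSY either way. I would write `/* Not active: start error recovery unless the handler already runs, and return -EBUSY instead of -EINVAL */`. Whether the ufshcd_eh_in_progress() check followed by ufshcd_force_error_recovery() needs a lock to be race-free cannot be judged from the hunk, since both helpers and the rest of the function are outside it.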
+++ b/queue-6.6/selftests-ftrace-fix-event-filter-target_func-select.patch 
@@ -0,0 +1,93 @@ +From 001f4041b619d2872d3e0c583d7b89dc9de76d3b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 20 Mar 2024 14:18:44 +0000 +Subject: selftests/ftrace: Fix event filter target_func selection + +From: Mark Rutland + +[ Upstream commit 8ecab2e64572f1aecdfc5a8feae748abda6e3347 ] + +The event filter function test has been failing in our internal test +farm: + +| # not ok 33 event filter function - test event filtering on functions + +Running the test in verbose mode indicates that this is because the test +erroneously determines that kmem_cache_free() is the most common caller +of kmem_cache_free(): + + # # + cut -d: -f3 trace + # # + sed s/call_site=([^+]*)+0x.*/1/ + # # + sort + # # + uniq -c + # # + sort + # # + tail -n 1 + # # + sed s/^[ 0-9]*// + # # + target_func=kmem_cache_free + +... and as kmem_cache_free() doesn't call itself, setting this as the +filter function for kmem_cache_free() results in no hits, and +consequently the test fails: + + # # + grep kmem_cache_free trace + # # + grep kmem_cache_free + # # + wc -l + # # + hitcnt=0 + # # + grep kmem_cache_free trace + # # + grep -v kmem_cache_free + # # + wc -l + # # + misscnt=0 + # # + [ 0 -eq 0 ] + # # + exit_fail + +This seems to be because the system in question has tasks with ':' in +their name (which a number of kernel worker threads have). These show up +in the trace, e.g. + + test:.sh-1299 [004] ..... 2886.040608: kmem_cache_free: call_site=putname+0xa4/0xc8 ptr=000000000f4d22f4 name=names_cache + +... and so when we try to extact the call_site with: + + cut -d: -f3 trace | sed 's/call_site=\([^+]*\)+0x.*/\1/' + +... the 'cut' command will extrace the column containing +'kmem_cache_free' rather than the column containing 'call_site=...', and +the 'sed' command will leave this unchanged. Consequently, the test will +decide to use 'kmem_cache_free' as the filter function, resulting in the +failure seen above. 
+ +Fix this by matching the 'call_site=' part specifically to extract +the function name. + +Signed-off-by: Mark Rutland +Reported-by: Aishwarya TCV +Cc: Masami Hiramatsu +Cc: Mathieu Desnoyers +Cc: Shuah Khan +Cc: Steven Rostedt +Cc: linux-kernel@vger.kernel.org +Cc: linux-kselftest@vger.kernel.org +Cc: linux-trace-kernel@vger.kernel.org +Acked-by: Masami Hiramatsu (Google) +Signed-off-by: Shuah Khan +Signed-off-by: Sasha Levin +--- + .../selftests/ftrace/test.d/filter/event-filter-function.tc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/testing/selftests/ftrace/test.d/filter/event-filter-function.tc b/tools/testing/selftests/ftrace/test.d/filter/event-filter-function.tc +index 2de7c61d1ae30..3f74c09c56b62 100644 +--- a/tools/testing/selftests/ftrace/test.d/filter/event-filter-function.tc ++++ b/tools/testing/selftests/ftrace/test.d/filter/event-filter-function.tc +@@ -24,7 +24,7 @@ echo 0 > events/enable + echo "Get the most frequently calling function" + sample_events + +-target_func=`cut -d: -f3 trace | sed 's/call_site=\([^+]*\)+0x.*/\1/' | sort | uniq -c | sort | tail -n 1 | sed 's/^[ 0-9]*//'` ++target_func=`cat trace | grep -o 'call_site=\([^+]*\)' | sed 's/call_site=//' | sort | uniq -c | sort | tail -n 1 | sed 's/^[ 0-9]*//'` + if [ -z "$target_func" ]; then + exit_fail + fi +-- +2.43.0 + diff --git a/queue-6.6/selftests-timers-fix-valid-adjtimex-signed-left-shif.patch b/queue-6.6/selftests-timers-fix-valid-adjtimex-signed-left-shif.patch new file mode 100644 index 00000000000..e7a9a014288 --- /dev/null +++ b/queue-6.6/selftests-timers-fix-valid-adjtimex-signed-left-shif.patch 
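Review bot: The new `target_func` pipeline starts with `cat trace | grep -o ...`, where the `cat` only feeds a file that grep can open itself; `grep -o 'call_site=[^+]*' trace | sed 's/call_site=//' | ...` does the same with one process less. The `\(...\)` group in the grep pattern is also left over from the old sed expression and is no longer referenced, so it can go as shown. The rest of the test script is outside the hunk.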
@@ -0,0 +1,139 @@ +From 29e2e49aee38f7144da21f84bab5c11e653958fe Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 9 Apr 2024 13:22:12 -0700 +Subject: selftests: timers: Fix valid-adjtimex signed left-shift undefined + behavior + +From: John Stultz + +[ Upstream commit 076361362122a6d8a4c45f172ced5576b2d4a50d ] + +The struct adjtimex freq field takes a signed value who's units are in +shifted (<<16) parts-per-million. + +Unfortunately for negative adjustments, the straightforward use of: + + freq = ppm << 16 trips undefined behavior warnings with clang: + +valid-adjtimex.c:66:6: warning: shifting a negative signed value is undefined [-Wshift-negative-value] + -499<<16, + ~~~~^ +valid-adjtimex.c:67:6: warning: shifting a negative signed value is undefined [-Wshift-negative-value] + -450<<16, + ~~~~^ +.. + +Fix it by using a multiply by (1 << 16) instead of shifting negative values +in the valid-adjtimex test case. Align the values for better readability. + +Reported-by: Lee Jones +Reported-by: Muhammad Usama Anjum +Signed-off-by: John Stultz +Signed-off-by: Thomas Gleixner +Reviewed-by: Muhammad Usama Anjum +Link: https://lore.kernel.org/r/20240409202222.2830476-1-jstultz@google.com +Link: https://lore.kernel.org/lkml/0c6d4f0d-2064-4444-986b-1d1ed782135f@collabora.com/ +Signed-off-by: Sasha Levin +--- + .../testing/selftests/timers/valid-adjtimex.c | 73 +++++++++---------- + 1 file changed, 36 insertions(+), 37 deletions(-) + +diff --git a/tools/testing/selftests/timers/valid-adjtimex.c b/tools/testing/selftests/timers/valid-adjtimex.c +index 48b9a803235a8..d13ebde203221 100644 +--- a/tools/testing/selftests/timers/valid-adjtimex.c ++++ b/tools/testing/selftests/timers/valid-adjtimex.c +@@ -21,9 +21,6 @@ + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. 
+ */ +- +- +- + #include + #include + #include +@@ -62,45 +59,47 @@ int clear_time_state(void) + #define NUM_FREQ_OUTOFRANGE 4 + #define NUM_FREQ_INVALID 2 + ++#define SHIFTED_PPM (1 << 16) ++ + long valid_freq[NUM_FREQ_VALID] = { +- -499<<16, +- -450<<16, +- -400<<16, +- -350<<16, +- -300<<16, +- -250<<16, +- -200<<16, +- -150<<16, +- -100<<16, +- -75<<16, +- -50<<16, +- -25<<16, +- -10<<16, +- -5<<16, +- -1<<16, ++ -499 * SHIFTED_PPM, ++ -450 * SHIFTED_PPM, ++ -400 * SHIFTED_PPM, ++ -350 * SHIFTED_PPM, ++ -300 * SHIFTED_PPM, ++ -250 * SHIFTED_PPM, ++ -200 * SHIFTED_PPM, ++ -150 * SHIFTED_PPM, ++ -100 * SHIFTED_PPM, ++ -75 * SHIFTED_PPM, ++ -50 * SHIFTED_PPM, ++ -25 * SHIFTED_PPM, ++ -10 * SHIFTED_PPM, ++ -5 * SHIFTED_PPM, ++ -1 * SHIFTED_PPM, + -1000, +- 1<<16, +- 5<<16, +- 10<<16, +- 25<<16, +- 50<<16, +- 75<<16, +- 100<<16, +- 150<<16, +- 200<<16, +- 250<<16, +- 300<<16, +- 350<<16, +- 400<<16, +- 450<<16, +- 499<<16, ++ 1 * SHIFTED_PPM, ++ 5 * SHIFTED_PPM, ++ 10 * SHIFTED_PPM, ++ 25 * SHIFTED_PPM, ++ 50 * SHIFTED_PPM, ++ 75 * SHIFTED_PPM, ++ 100 * SHIFTED_PPM, ++ 150 * SHIFTED_PPM, ++ 200 * SHIFTED_PPM, ++ 250 * SHIFTED_PPM, ++ 300 * SHIFTED_PPM, ++ 350 * SHIFTED_PPM, ++ 400 * SHIFTED_PPM, ++ 450 * SHIFTED_PPM, ++ 499 * SHIFTED_PPM, + }; + + long outofrange_freq[NUM_FREQ_OUTOFRANGE] = { +- -1000<<16, +- -550<<16, +- 550<<16, +- 1000<<16, ++ -1000 * SHIFTED_PPM, ++ -550 * SHIFTED_PPM, ++ 550 * SHIFTED_PPM, ++ 1000 * SHIFTED_PPM, + }; + + #define LONG_MAX (~0UL>>1) +-- +2.43.0 + diff --git a/queue-6.6/series b/queue-6.6/series index 5ef3f09b26f..ad60531a514 100644 --- a/queue-6.6/series +++ b/queue-6.6/series 
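Review bot: `SHIFTED_PPM` is defined as `(1 << 16)`, so every product in valid_freq[] and outofrange_freq[] is computed as int and only then converted to the arrays' `long` element type. The visible values (at most 1000 * 65536) fit in a 32-bit int, so nothing overflows today, but `#define SHIFTED_PPM (1L << 16)` would keep the arithmetic in the element type. A one-line comment such as `/* adjtimex freq unit: ppm scaled by 2^16 */` above the macro would also say what it stands for.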
@@ -94,3 +94,81 @@ powerpc-pseries-iommu-lpar-panics-during-boot-up-wit.patch
 swiotlb-initialise-restricted-pool-list_head-when-sw.patch
 kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch
 kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch
+scsi-ufs-core-fix-mcq-mac-configuration.patch
+scsi-lpfc-move-npiv-s-transport-unregistration-to-af.patch
+scsi-lpfc-remove-irqf_oneshot-flag-from-threaded-irq.patch
+scsi-lpfc-update-lpfc_ramp_down_queue_handler-logic.patch
+scsi-lpfc-replace-hbalock-with-ndlp-lock-in-lpfc_nvm.patch
+scsi-lpfc-release-hbalock-before-calling-lpfc_worker.patch
+scsi-lpfc-use-a-dedicated-lock-for-ras_fwlog-state.patch
+gfs2-fix-invalid-metadata-access-in-punch_hole.patch
+wifi-mac80211-fix-ieee80211_bss_-_flags-kernel-doc.patch
+wifi-cfg80211-fix-rdev_dump_mpp-arguments-order.patch
+wifi-mac80211-fix-prep_connection-error-path.patch
+wifi-iwlwifi-read-txq-read_ptr-under-lock.patch
+wifi-iwlwifi-mvm-guard-against-invalid-sta-id-on-rem.patch
+net-mark-racy-access-on-sk-sk_rcvbuf.patch
+scsi-mpi3mr-avoid-memcpy-field-spanning-write-warnin.patch
+scsi-bnx2fc-remove-spin_lock_bh-while-releasing-reso.patch
+btrfs-return-accurate-error-code-on-open-failure-in-.patch
+drm-amdkfd-check-cgroup-when-returning-dmabuf-info.patch
+drm-amdkfd-range-check-cp-bad-op-exception-interrupt.patch
+bpf-check-bloom-filter-map-value-size.patch
+selftests-ftrace-fix-event-filter-target_func-select.patch
+kbuild-disable-kcsan-for-autogenerated-.mod.c-interm.patch
+asoc-sof-intel-hda-dsp-skip-imr-boot-on-ace-platform.patch
+regulator-tps65132-add-of_match-table.patch
+scsi-ufs-core-wlun-suspend-dev-link-state-error-reco.patch
+scsi-libsas-align-smp-request-allocation-to-arch_dma.patch
+scsi-ufs-core-fix-mcq-mode-dev-command-timeout.patch
+alsa-line6-zero-initialize-message-buffers.patch
+block-fix-overflow-in-blk_ioctl_discard.patch
+net-bcmgenet-reset-rbuf-on-first-open.patch
+vboxsf-explicitly-deny-setlease-attempts.patch
+ata-sata_gemini-check-clk_enable-result.patch
+firewire-ohci-mask-bus-reset-interrupts-between-isr-.patch
+tools-power-turbostat-fix-added-raw-msr-output.patch
+tools-power-turbostat-increase-the-limit-for-fd-open.patch
+tools-power-turbostat-fix-bzy_mhz-documentation-typo.patch
+tools-power-turbostat-print-ucode-revision-only-if-v.patch
+tools-power-turbostat-fix-warning-upon-failed-dev-cp.patch
+btrfs-make-btrfs_clear_delalloc_extent-free-delalloc.patch
+btrfs-always-clear-pertrans-metadata-during-commit.patch
+memblock-tests-fix-undefined-reference-to-early_pfn_.patch
+memblock-tests-fix-undefined-reference-to-panic.patch
+memblock-tests-fix-undefined-reference-to-bit.patch
+scsi-target-fix-selinux-error-when-systemd-modules-l.patch
+scsi-hisi_sas-handle-the-ncq-error-returned-by-d2h-f.patch
+blk-iocost-avoid-out-of-bounds-shift.patch
+gpu-host1x-do-not-setup-dma-for-virtual-devices.patch
+mips-scall-save-thread_info.syscall-unconditionally-.patch
+tools-power-turbostat-fix-uncore-frequency-file-stri.patch
+drm-amdgpu-refine-ib-schedule-error-logging.patch
+drm-amdgpu-implement-irq_state_enable-for-sdma-v4.4..patch
+drm-amd-display-skip-on-writeback-when-it-s-not-appl.patch
+drm-amdgpu-fix-vcn-allocation-in-cpx-partition.patch
+amd-amdkfd-sync-all-devices-to-wait-all-processes-be.patch
+selftests-timers-fix-valid-adjtimex-signed-left-shif.patch
+drivers-hv-vmbus-leak-pages-if-set_memory_encrypted-.patch
+drivers-hv-vmbus-track-decrypted-status-in-vmbus_gpa.patch
+hv_netvsc-don-t-free-decrypted-memory.patch
+uio_hv_generic-don-t-free-decrypted-memory.patch
+drivers-hv-vmbus-don-t-free-ring-buffers-that-couldn.patch
+smb3-fix-broken-reconnect-when-password-changing-on-.patch
+iommu-mtk-fix-module-autoloading.patch
+fs-9p-only-translate-rwx-permissions-for-plain-9p200.patch
+fs-9p-translate-o_trunc-into-otrunc.patch
+fs-9p-fix-the-cache-always-being-enabled-on-files-wi.patch
+9p-explicitly-deny-setlease-attempts.patch
+powerpc-crypto-chacha-p10-fix-failure-on-non-power10.patch
+gpio-wcove-use-enotsupp-consistently.patch
+gpio-crystalcove-use-enotsupp-consistently.patch
+clk-don-t-hold-prepare_lock-when-calling-kref_put.patch
+fs-9p-drop-inodes-immediately-on-non-.l-too.patch
+gpio-lpc32xx-fix-module-autoloading.patch
+drm-nouveau-dp-don-t-probe-edp-ports-twice-harder.patch
+platform-x86-isst-add-granite-rapids-d-to-hpm-cpu-li.patch
+drm-radeon-silence-ubsan-warning-v3.patch
+net-usb-qmi_wwan-support-rolling-modules.patch
+blk-iocost-do-not-warn-if-iocg-was-already-offlined.patch
+sunrpc-add-a-missing-rpc_stat-for-tcp-tls.patch
diff --git a/queue-6.6/smb3-fix-broken-reconnect-when-password-changing-on-.patch b/queue-6.6/smb3-fix-broken-reconnect-when-password-changing-on-.patch
new file mode 100644
index 00000000000..06cbddd3c2a
--- /dev/null
+++ b/queue-6.6/smb3-fix-broken-reconnect-when-password-changing-on-.patch
@@ -0,0 +1,212 @@ +From 82d97b375265df2d35aaa48f6a831f64243f23e3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 4 Apr 2024 18:06:56 -0500 +Subject: smb3: fix broken reconnect when password changing on the server by + allowing password rotation + +From: Steve French + +[ Upstream commit 35f834265e0dc78b003aa0d1af65cafb89666b76 ] + +There are various use cases that are becoming more common in which password +changes are scheduled on a server(s) periodically but the clients connected +to this server need to stay connected (even in the face of brief network +reconnects) due to mounts which can not be easily unmounted and mounted at +will, and servers that do password rotation do not always have the ability +to tell the clients exactly when to the new password will be effective, +so add support for an alt password ("password2=") on mount (and also +remount) so that we can anticipate the upcoming change to the server +without risking breaking existing mounts. + +An alternative would have been to use the kernel keyring for this but the +processes doing the reconnect do not have access to the keyring but do +have access to the ses structure. 
+ +Reviewed-by: Bharath SM +Signed-off-by: Steve French +Signed-off-by: Sasha Levin +--- + fs/smb/client/cifsglob.h | 1 + + fs/smb/client/connect.c | 8 ++++++++ + fs/smb/client/fs_context.c | 21 +++++++++++++++++++++ + fs/smb/client/fs_context.h | 2 ++ + fs/smb/client/misc.c | 1 + + fs/smb/client/smb2pdu.c | 11 +++++++++++ + 6 files changed, 44 insertions(+) + +diff --git a/fs/smb/client/cifsglob.h b/fs/smb/client/cifsglob.h +index 12a48e1d80c3f..b598c7ed497bb 100644 +--- a/fs/smb/client/cifsglob.h ++++ b/fs/smb/client/cifsglob.h +@@ -1049,6 +1049,7 @@ struct cifs_ses { + and after mount option parsing we fill it */ + char *domainName; + char *password; ++ char *password2; /* When key rotation used, new password may be set before it expires */ + char workstation_name[CIFS_MAX_WORKSTATION_LEN]; + struct session_key auth_key; + struct ntlmssp_auth *ntlmssp; /* ciphertext, flags, server challenge */ +diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c +index c5705de7f9de2..cb3bed8364e07 100644 +--- a/fs/smb/client/connect.c ++++ b/fs/smb/client/connect.c +@@ -2178,6 +2178,7 @@ cifs_set_cifscreds(struct smb3_fs_context *ctx, struct cifs_ses *ses) + } + + ++delim; ++ /* BB consider adding support for password2 (Key Rotation) for multiuser in future */ + ctx->password = kstrndup(delim, len, GFP_KERNEL); + if (!ctx->password) { + cifs_dbg(FYI, "Unable to allocate %zd bytes for password\n", +@@ -2201,6 +2202,7 @@ cifs_set_cifscreds(struct smb3_fs_context *ctx, struct cifs_ses *ses) + kfree(ctx->username); + ctx->username = NULL; + kfree_sensitive(ctx->password); ++ /* no need to free ctx->password2 since not allocated in this path */ + ctx->password = NULL; + goto out_key_put; + } +@@ -2312,6 +2314,12 @@ cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) + if (!ses->password) + goto get_ses_fail; + } ++ /* ctx->password freed at unmount */ ++ if (ctx->password2) { ++ ses->password2 = kstrdup(ctx->password2, GFP_KERNEL); ++ if 
(!ses->password2) ++ goto get_ses_fail; ++ } + if (ctx->domainname) { + ses->domainName = kstrdup(ctx->domainname, GFP_KERNEL); + if (!ses->domainName) +diff --git a/fs/smb/client/fs_context.c b/fs/smb/client/fs_context.c +index 103421791bb5d..4d9e57be84dbc 100644 +--- a/fs/smb/client/fs_context.c ++++ b/fs/smb/client/fs_context.c +@@ -161,6 +161,7 @@ const struct fs_parameter_spec smb3_fs_parameters[] = { + fsparam_string("username", Opt_user), + fsparam_string("pass", Opt_pass), + fsparam_string("password", Opt_pass), ++ fsparam_string("password2", Opt_pass2), + fsparam_string("ip", Opt_ip), + fsparam_string("addr", Opt_ip), + fsparam_string("domain", Opt_domain), +@@ -314,6 +315,7 @@ smb3_fs_context_dup(struct smb3_fs_context *new_ctx, struct smb3_fs_context *ctx + new_ctx->nodename = NULL; + new_ctx->username = NULL; + new_ctx->password = NULL; ++ new_ctx->password2 = NULL; + new_ctx->server_hostname = NULL; + new_ctx->domainname = NULL; + new_ctx->UNC = NULL; +@@ -326,6 +328,7 @@ smb3_fs_context_dup(struct smb3_fs_context *new_ctx, struct smb3_fs_context *ctx + DUP_CTX_STR(prepath); + DUP_CTX_STR(username); + DUP_CTX_STR(password); ++ DUP_CTX_STR(password2); + DUP_CTX_STR(server_hostname); + DUP_CTX_STR(UNC); + DUP_CTX_STR(source); +@@ -884,6 +887,8 @@ static int smb3_reconfigure(struct fs_context *fc) + else { + kfree_sensitive(ses->password); + ses->password = kstrdup(ctx->password, GFP_KERNEL); ++ kfree_sensitive(ses->password2); ++ ses->password2 = kstrdup(ctx->password2, GFP_KERNEL); + } + STEAL_STRING(cifs_sb, ctx, domainname); + STEAL_STRING(cifs_sb, ctx, nodename); +@@ -1283,6 +1288,18 @@ static int smb3_fs_context_parse_param(struct fs_context *fc, + goto cifs_parse_mount_err; + } + break; ++ case Opt_pass2: ++ kfree_sensitive(ctx->password2); ++ ctx->password2 = NULL; ++ if (strlen(param->string) == 0) ++ break; ++ ++ ctx->password2 = kstrdup(param->string, GFP_KERNEL); ++ if (ctx->password2 == NULL) { ++ cifs_errorf(fc, "OOM when copying password2 
string\n"); ++ goto cifs_parse_mount_err; ++ } ++ break; + case Opt_ip: + if (strlen(param->string) == 0) { + ctx->got_ip = false; +@@ -1582,6 +1599,8 @@ static int smb3_fs_context_parse_param(struct fs_context *fc, + cifs_parse_mount_err: + kfree_sensitive(ctx->password); + ctx->password = NULL; ++ kfree_sensitive(ctx->password2); ++ ctx->password2 = NULL; + return -EINVAL; + } + +@@ -1684,6 +1703,8 @@ smb3_cleanup_fs_context_contents(struct smb3_fs_context *ctx) + ctx->username = NULL; + kfree_sensitive(ctx->password); + ctx->password = NULL; ++ kfree_sensitive(ctx->password2); ++ ctx->password2 = NULL; + kfree(ctx->server_hostname); + ctx->server_hostname = NULL; + kfree(ctx->UNC); +diff --git a/fs/smb/client/fs_context.h b/fs/smb/client/fs_context.h +index 4e409238fe8f7..d7c090dbe75db 100644 +--- a/fs/smb/client/fs_context.h ++++ b/fs/smb/client/fs_context.h +@@ -137,6 +137,7 @@ enum cifs_param { + Opt_source, + Opt_user, + Opt_pass, ++ Opt_pass2, + Opt_ip, + Opt_domain, + Opt_srcaddr, +@@ -170,6 +171,7 @@ struct smb3_fs_context { + + char *username; + char *password; ++ char *password2; + char *domainname; + char *source; + char *server_hostname; +diff --git a/fs/smb/client/misc.c b/fs/smb/client/misc.c +index 0d13db80e67c9..d56959d02e36d 100644 +--- a/fs/smb/client/misc.c ++++ b/fs/smb/client/misc.c +@@ -101,6 +101,7 @@ sesInfoFree(struct cifs_ses *buf_to_free) + kfree(buf_to_free->serverDomain); + kfree(buf_to_free->serverNOS); + kfree_sensitive(buf_to_free->password); ++ kfree_sensitive(buf_to_free->password2); + kfree(buf_to_free->user_name); + kfree(buf_to_free->domainName); + kfree_sensitive(buf_to_free->auth_key.response); +diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c +index 94bd4c6d2d682..70530108b9bb9 100644 +--- a/fs/smb/client/smb2pdu.c ++++ b/fs/smb/client/smb2pdu.c +@@ -367,6 +367,17 @@ smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon, + } + + rc = cifs_setup_session(0, ses, server, nls_codepage); ++ if ((rc == -EACCES) 
|| (rc == -EKEYEXPIRED) || (rc == -EKEYREVOKED)) { ++ /* ++ * Try alternate password for next reconnect (key rotation ++ * could be enabled on the server e.g.) if an alternate ++ * password is available and the current password is expired, ++ * but do not swap on non pwd related errors like host down ++ */ ++ if (ses->password2) ++ swap(ses->password2, ses->password); ++ } ++ + if ((rc == -EACCES) && !tcon->retry) { + mutex_unlock(&ses->session_mutex); + rc = -EHOSTDOWN; +-- +2.43.0 + diff --git a/queue-6.6/sunrpc-add-a-missing-rpc_stat-for-tcp-tls.patch b/queue-6.6/sunrpc-add-a-missing-rpc_stat-for-tcp-tls.patch new file mode 100644 index 00000000000..3968f6c81c5 --- /dev/null +++ b/queue-6.6/sunrpc-add-a-missing-rpc_stat-for-tcp-tls.patch 
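Review bot: smb3_reconfigure() frees and replaces ses->password and ses->password2 with no lock visible in its hunk, while the new code in smb2_reconnect() swaps the same two pointers at a point that appears to run with ses->session_mutex held (the `mutex_unlock(&ses->session_mutex)` follows it); if a remount can run concurrently with a reconnect, one side can read or free a string the other has just released. The remount path should probably take the same mutex around the kfree_sensitive()/kstrdup() pairs, which needs confirming against the code outside the hunks. Both kstrdup() results in smb3_reconfigure() are also unchecked, so an allocation failure silently leaves the session without that password, unlike cifs_get_smb_ses(), which jumps to get_ses_fail. Separately, the swap runs on every -EACCES, so when both passwords are rejected the client alternates between them on each reconnect; that is worth a sentence in the comment above `swap()`, because repeated failed logons can trip server-side lockout policies.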
@@ -0,0 +1,99 @@ +From 8fc9ac604f8f2270c3aec0314a54a464963587f4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 2 Apr 2024 14:41:38 -0400 +Subject: SUNRPC: add a missing rpc_stat for TCP TLS + +From: Olga Kornievskaia + +[ Upstream commit 8e088a20dbe33919695a8082c0b32deb62d23b4a ] + +Commit 1548036ef120 ("nfs: make the rpc_stat per net namespace") added +functionality to specify rpc_stats function but missed adding it to the +TCP TLS functionality. As the result, mounting with xprtsec=tls lead to +the following kernel oops. + +[ 128.984192] Unable to handle kernel NULL pointer dereference at +virtual address 000000000000001c +[ 128.985058] Mem abort info: +[ 128.985372] ESR = 0x0000000096000004 +[ 128.985709] EC = 0x25: DABT (current EL), IL = 32 bits +[ 128.986176] SET = 0, FnV = 0 +[ 128.986521] EA = 0, S1PTW = 0 +[ 128.986804] FSC = 0x04: level 0 translation fault +[ 128.987229] Data abort info: +[ 128.987597] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 +[ 128.988169] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 +[ 128.988811] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 +[ 128.989302] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000106c84000 +[ 128.990048] [000000000000001c] pgd=0000000000000000, p4d=0000000000000000 +[ 128.990736] Internal error: Oops: 0000000096000004 [#1] SMP +[ 128.991168] Modules linked in: nfs_layout_nfsv41_files +rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace netfs +uinput dm_mod nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib +nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct +nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill +ip_set nf_tables nfnetlink qrtr vsock_loopback +vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vsock +sunrpc vfat fat uvcvideo videobuf2_vmalloc videobuf2_memops uvc +videobuf2_v4l2 videodev videobuf2_common mc vmw_vmci xfs libcrc32c +e1000e crct10dif_ce ghash_ce sha2_ce vmwgfx nvme sha256_arm64 +nvme_core sr_mod cdrom sha1_ce drm_ttm_helper ttm 
drm_kms_helper drm +sg fuse +[ 128.996466] CPU: 0 PID: 179 Comm: kworker/u4:26 Kdump: loaded Not +tainted 6.8.0-rc6+ #12 +[ 128.997226] Hardware name: VMware, Inc. VMware20,1/VBSA, BIOS +VMW201.00V.21805430.BA64.2305221830 05/22/2023 +[ 128.998084] Workqueue: xprtiod xs_tcp_tls_setup_socket [sunrpc] +[ 128.998701] pstate: 81400005 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) +[ 128.999384] pc : call_start+0x74/0x138 [sunrpc] +[ 128.999809] lr : __rpc_execute+0xb8/0x3e0 [sunrpc] +[ 129.000244] sp : ffff8000832b3a00 +[ 129.000508] x29: ffff8000832b3a00 x28: ffff800081ac79c0 x27: ffff800081ac7000 +[ 129.001111] x26: 0000000004248060 x25: 0000000000000000 x24: ffff800081596008 +[ 129.001757] x23: ffff80007b087240 x22: ffff00009a509d30 x21: 0000000000000000 +[ 129.002345] x20: ffff000090075600 x19: ffff00009a509d00 x18: ffffffffffffffff +[ 129.002912] x17: 733d4d4554535953 x16: 42555300312d746e x15: ffff8000832b3a88 +[ 129.003464] x14: ffffffffffffffff x13: ffff8000832b3a7d x12: 0000000000000008 +[ 129.004021] x11: 0101010101010101 x10: ffff8000150cb560 x9 : ffff80007b087c00 +[ 129.004577] x8 : ffff00009a509de0 x7 : 0000000000000000 x6 : 00000000be8c4ee3 +[ 129.005026] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff000094d56680 +[ 129.005425] x2 : ffff80007b0637f8 x1 : ffff000090075600 x0 : ffff00009a509d00 +[ 129.005824] Call trace: +[ 129.005967] call_start+0x74/0x138 [sunrpc] +[ 129.006233] __rpc_execute+0xb8/0x3e0 [sunrpc] +[ 129.006506] rpc_execute+0x160/0x1d8 [sunrpc] +[ 129.006778] rpc_run_task+0x148/0x1f8 [sunrpc] +[ 129.007204] tls_probe+0x80/0xd0 [sunrpc] +[ 129.007460] rpc_ping+0x28/0x80 [sunrpc] +[ 129.007715] rpc_create_xprt+0x134/0x1a0 [sunrpc] +[ 129.007999] rpc_create+0x128/0x2a0 [sunrpc] +[ 129.008264] xs_tcp_tls_setup_socket+0xdc/0x508 [sunrpc] +[ 129.008583] process_one_work+0x174/0x3c8 +[ 129.008813] worker_thread+0x2c8/0x3e0 +[ 129.009033] kthread+0x100/0x110 +[ 129.009225] ret_from_fork+0x10/0x20 +[ 129.009432] Code: f0ffffc2 911fe042 
aa1403e1 aa1303e0 (b9401c83) + +Fixes: 1548036ef120 ("nfs: make the rpc_stat per net namespace") +Signed-off-by: Olga Kornievskaia +Signed-off-by: Trond Myklebust +Signed-off-by: Sasha Levin +--- + net/sunrpc/xprtsock.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c +index a15bf2ede89bf..c3007f3e16f8c 100644 +--- a/net/sunrpc/xprtsock.c ++++ b/net/sunrpc/xprtsock.c +@@ -2644,6 +2644,7 @@ static void xs_tcp_tls_setup_socket(struct work_struct *work) + .xprtsec = { + .policy = RPC_XPRTSEC_NONE, + }, ++ .stats = upper_clnt->cl_stats, + }; + unsigned int pflags = current->flags; + struct rpc_clnt *lower_clnt; +-- +2.43.0 + diff --git a/queue-6.6/tools-power-turbostat-fix-added-raw-msr-output.patch b/queue-6.6/tools-power-turbostat-fix-added-raw-msr-output.patch new file mode 100644 index 00000000000..8732e3cd478 --- /dev/null +++ b/queue-6.6/tools-power-turbostat-fix-added-raw-msr-output.patch 
@@ -0,0 +1,87 @@
+From fec708ffb2a2720659cb56def0c7b748b954e402 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 3 Apr 2023 14:11:38 -0700
+Subject: tools/power turbostat: Fix added raw MSR output
+
+From: Doug Smythies
+
+[ Upstream commit e5f4e68eed85fa8495d78cd966eecc2b27bb9e53 ]
+
+When using --Summary mode, added MSRs in raw mode always
+print zeros. Print the actual register contents.
+
+Example, with patch:
+
+note the added column:
+--add msr0x64f,u32,package,raw,REASON
+
+Where:
+
+0x64F is MSR_CORE_PERF_LIMIT_REASONS
+
+Busy% Bzy_MHz PkgTmp PkgWatt CorWatt REASON
+0.00 4800 35 1.42 0.76 0x00000000
+0.00 4801 34 1.42 0.76 0x00000000
+80.08 4531 66 108.17 107.52 0x08000000
+98.69 4530 66 133.21 132.54 0x08000000
+99.28 4505 66 128.26 127.60 0x0c000400
+99.65 4486 68 124.91 124.25 0x0c000400
+99.63 4483 68 124.90 124.25 0x0c000400
+79.34 4481 41 99.80 99.13 0x0c000000
+0.00 4801 41 1.40 0.73 0x0c000000
+
+Where, for the test processor (i5-10600K):
+
+PKG Limit #1: 125.000 Watts, 8.000000 sec
+MSR bit 26 = log; bit 10 = status
+
+PKG Limit #2: 136.000 Watts, 0.002441 sec
+MSR bit 27 = log; bit 11 = status
+
+Example, without patch:
+
+Busy% Bzy_MHz PkgTmp PkgWatt CorWatt REASON
+0.01 4800 35 1.43 0.77 0x00000000
+0.00 4801 35 1.39 0.73 0x00000000
+83.49 4531 66 112.71 112.06 0x00000000
+98.69 4530 68 133.35 132.69 0x00000000
+99.31 4500 67 127.96 127.30 0x00000000
+99.63 4483 69 124.91 124.25 0x00000000
+99.61 4481 69 124.90 124.25 0x00000000
+99.61 4481 71 124.92 124.25 0x00000000
+59.35 4479 42 75.03 74.37 0x00000000
+0.00 4800 42 1.39 0.73 0x00000000
+0.00 4801 42 1.42 0.76 0x00000000
+
+c000000
+
+[lenb: simplified patch to apply only to package scope]
+
+Signed-off-by: Doug Smythies
+Signed-off-by: Len Brown
+Signed-off-by: Sasha Levin
+---
+ tools/power/x86/turbostat/turbostat.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/tools/power/x86/turbostat/turbostat.c b/tools/power/x86/turbostat/turbostat.c
+index
785de89077de0..9602a4798f383 100644
+--- a/tools/power/x86/turbostat/turbostat.c
++++ b/tools/power/x86/turbostat/turbostat.c
+@@ -1811,9 +1811,10 @@ int sum_counters(struct thread_data *t, struct core_data *c, struct pkg_data *p)
+ average.packages.rapl_dram_perf_status += p->rapl_dram_perf_status;
+
+ for (i = 0, mp = sys.pp; mp; i++, mp = mp->next) {
+- if (mp->format == FORMAT_RAW)
+- continue;
+- average.packages.counter[i] += p->counter[i];
++ if ((mp->format == FORMAT_RAW) && (topo.num_packages == 0))
++ average.packages.counter[i] = p->counter[i];
++ else
++ average.packages.counter[i] += p->counter[i];
+ }
+ return 0;
+ }
+--
+2.43.0
+
diff --git a/queue-6.6/tools-power-turbostat-fix-bzy_mhz-documentation-typo.patch b/queue-6.6/tools-power-turbostat-fix-bzy_mhz-documentation-typo.patch
new file mode 100644
index 00000000000..14bb9a7073c
--- /dev/null
+++ b/queue-6.6/tools-power-turbostat-fix-bzy_mhz-documentation-typo.patch
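Review bot: The new condition `(mp->format == FORMAT_RAW) && (topo.num_packages == 0)` in sum_counters() looks like it can never be true while package counters are being summed, since at least one package presumably exists by then; if so, the assignment branch is dead and raw MSR values are accumulated with `+=` like every other counter. With one package the sum equals the register value, but with several packages the summary column would show the arithmetic sum of bit-field registers such as MSR_CORE_PERF_LIMIT_REASONS, which is not a meaningful value. I would state the intended multi-package behaviour in a comment above the `if`, and if the summary is meant to show the union of flags, combine with `average.packages.counter[i] |= p->counter[i];` for the raw format. The start of sum_counters() is outside the hunk, so how `average` is reset between intervals is not visible here.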
@@ -0,0 +1,35 @@
+From a81df7a6f63bcdd7e7035e2900ebcf1f646a08aa Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sat, 7 Oct 2023 13:46:22 +0800
+Subject: tools/power turbostat: Fix Bzy_MHz documentation typo
+
+From: Peng Liu
+
+[ Upstream commit 0b13410b52c4636aacb6964a4253a797c0fa0d16 ]
+
+The code calculates Bzy_MHz by multiplying TSC_delta * APERF_delta/MPERF_delta
+The man page erroneously showed that TSC_delta was divided.
+
+Signed-off-by: Peng Liu
+Signed-off-by: Len Brown
+Signed-off-by: Sasha Levin
+---
+ tools/power/x86/turbostat/turbostat.8 | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/power/x86/turbostat/turbostat.8 b/tools/power/x86/turbostat/turbostat.8
+index 8f08c3fd498d5..1ba6340d3b3da 100644
+--- a/tools/power/x86/turbostat/turbostat.8
++++ b/tools/power/x86/turbostat/turbostat.8
+@@ -370,7 +370,7 @@ below the processor's base frequency.
+
+ Busy% = MPERF_delta/TSC_delta
+
+-Bzy_MHz = TSC_delta/APERF_delta/MPERF_delta/measurement_interval
++Bzy_MHz = TSC_delta*APERF_delta/MPERF_delta/measurement_interval
+
+ Note that these calculations depend on TSC_delta, so they
+ are not reliable during intervals when TSC_MHz is not running at the base frequency.
+--
+2.43.0
+
diff --git a/queue-6.6/tools-power-turbostat-fix-uncore-frequency-file-stri.patch b/queue-6.6/tools-power-turbostat-fix-uncore-frequency-file-stri.patch
new file mode 100644
index 00000000000..848df6f70ea
--- /dev/null
+++ b/queue-6.6/tools-power-turbostat-fix-uncore-frequency-file-stri.patch
@@ -0,0 +1,53 @@
+From 7c1f9b0f5ff7ad83d6fb67dfa7ef04aee1de5cfa Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 2 Apr 2024 13:40:29 -0400
+Subject: tools/power/turbostat: Fix uncore frequency file string
+
+From: Justin Ernst
+
+[ Upstream commit 60add818ab2543b7e4f2bfeaacf2504743c1eb50 ]
+
+Running turbostat on a 16 socket HPE Scale-up Compute 3200 (SapphireRapids) fails with:
+turbostat: /sys/devices/system/cpu/intel_uncore_frequency/package_010_die_00/current_freq_khz: open failed: No such file or directory
+
+We observe the sysfs uncore frequency directories named:
+...
+package_09_die_00/
+package_10_die_00/
+package_11_die_00/
+...
+package_15_die_00/
+
+The culprit is an incorrect sprintf format string "package_0%d_die_0%d" used
+with each instance of reading uncore frequency files. uncore-frequency-common.c
+creates the sysfs directory with the format "package_%02d_die_%02d". Once the
+package value reaches double digits, the formats diverge.
+
+Change each instance of "package_0%d_die_0%d" to "package_%02d_die_%02d".
+
+[lenb: deleted the probe part of this patch, as it was already fixed]
+
+Signed-off-by: Justin Ernst
+Reviewed-by: Thomas Renninger
+Signed-off-by: Len Brown
+Signed-off-by: Sasha Levin
+---
+ tools/power/x86/turbostat/turbostat.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/power/x86/turbostat/turbostat.c b/tools/power/x86/turbostat/turbostat.c
+index 0561362301c53..ffa964ddbacef 100644
+--- a/tools/power/x86/turbostat/turbostat.c
++++ b/tools/power/x86/turbostat/turbostat.c
+@@ -1969,7 +1969,7 @@ unsigned long long get_uncore_mhz(int package, int die)
+ {
+ char path[128];
+
+- sprintf(path, "/sys/devices/system/cpu/intel_uncore_frequency/package_0%d_die_0%d/current_freq_khz", package,
++ sprintf(path, "/sys/devices/system/cpu/intel_uncore_frequency/package_%02d_die_%02d/current_freq_khz", package,
+ die);
+
+ return (snapshot_sysfs_counter(path) / 1000);
+--
+2.43.0
+
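Review bot: The rewritten `sprintf(path, ...)` in get_uncore_mhz() still formats into the fixed `char path[128]` with no bound. The new format with two `int` arguments fits today, but nothing enforces that if the path prefix or the buffer size changes later; `snprintf(path, sizeof(path), "/sys/devices/system/cpu/intel_uncore_frequency/package_%02d_die_%02d/current_freq_khz", package, die);` makes the limit explicit at no cost. The closing brace of get_uncore_mhz() is outside the hunk.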
diff --git a/queue-6.6/tools-power-turbostat-fix-warning-upon-failed-dev-cp.patch b/queue-6.6/tools-power-turbostat-fix-warning-upon-failed-dev-cp.patch
new file mode 100644
index 00000000000..895ee04db0c
--- /dev/null
+++ b/queue-6.6/tools-power-turbostat-fix-warning-upon-failed-dev-cp.patch
@@ -0,0 +1,42 @@
+From 4dbd16cc4f3c22367a7d2ed17a745c26e9e500ba Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 19 Jan 2024 12:25:42 -0600
+Subject: tools/power turbostat: Fix warning upon failed /dev/cpu_dma_latency
+ read
+
+From: Len Brown
+
+[ Upstream commit b6fe938317eed58e8c687bd5965a956e15fb5828 ]
+
+Previously a failed read of /dev/cpu_dma_latency erroneously complained
+turbostat: capget(CAP_SYS_ADMIN) failed, try "# setcap cap_sys_admin=ep ./turbostat
+
+This went unnoticed because this file is typically visible to root,
+and turbostat was typically run as root.
+
+Going forward, when a non-root user can run turbostat...
+Complain about failed read access to this file only if --debug is used.
+
+Signed-off-by: Len Brown
+Signed-off-by: Sasha Levin
+---
+ tools/power/x86/turbostat/turbostat.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/tools/power/x86/turbostat/turbostat.c b/tools/power/x86/turbostat/turbostat.c
+index 4dfeda4870f71..0561362301c53 100644
+--- a/tools/power/x86/turbostat/turbostat.c
++++ b/tools/power/x86/turbostat/turbostat.c
+@@ -5479,7 +5479,8 @@ void print_dev_latency(void)
+
+ fd = open(path, O_RDONLY);
+ if (fd < 0) {
+- warnx("capget(CAP_SYS_ADMIN) failed, try \"# setcap cap_sys_admin=ep %s\"", progname);
++ if (debug)
++ warnx("Read %s failed", path);
+ return;
+ }
+
+--
+2.43.0
+
diff --git a/queue-6.6/tools-power-turbostat-increase-the-limit-for-fd-open.patch b/queue-6.6/tools-power-turbostat-increase-the-limit-for-fd-open.patch
new file mode 100644
index 00000000000..9a0c30e115c
--- /dev/null
+++ b/queue-6.6/tools-power-turbostat-increase-the-limit-for-fd-open.patch
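Review bot: The replacement message in print_dev_latency() says "Read %s failed" although the call that failed is `open()`, and `warnx()` drops errno, so a permission denial and a missing device node look identical in --debug output. `warn("open %s", path);` would name the failing call and append the errno text. The rest of print_dev_latency() lies outside the hunk.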
@@ -0,0 +1,86 @@
+From 6289911b2c81fa26db05e64dfa981eb682481fda Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 3 Oct 2023 05:07:51 +0000
+Subject: tools/power turbostat: Increase the limit for fd opened
+
+From: Wyes Karny
+
+[ Upstream commit 3ac1d14d0583a2de75d49a5234d767e2590384dd ]
+
+When running turbostat, a system with 512 cpus reaches the limit for
+maximum number of file descriptors that can be opened. To solve this
+problem, the limit is raised to 2^15, which is a large enough number.
+
+Below data is collected from AMD server systems while running turbostat:
+
+|-----------+-------------------------------|
+| # of cpus | # of opened fds for turbostat |
+|-----------+-------------------------------|
+| 128 | 260 |
+|-----------+-------------------------------|
+| 192 | 388 |
+|-----------+-------------------------------|
+| 512 | 1028 |
+|-----------+-------------------------------|
+
+So, the new max limit would be sufficient up to 2^14 cpus (but this
+also depends on how many counters are enabled).
+
+Reviewed-by: Doug Smythies
+Tested-by: Doug Smythies
+Signed-off-by: Wyes Karny
+Signed-off-by: Len Brown
+Signed-off-by: Sasha Levin
+---
+ tools/power/x86/turbostat/turbostat.c | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/tools/power/x86/turbostat/turbostat.c b/tools/power/x86/turbostat/turbostat.c
+index 9602a4798f383..5b892c53fc2c2 100644
+--- a/tools/power/x86/turbostat/turbostat.c
++++ b/tools/power/x86/turbostat/turbostat.c
+@@ -53,6 +53,8 @@
+ #define NAME_BYTES 20
+ #define PATH_BYTES 128
+
++#define MAX_NOFILE 0x8000
++
+ enum counter_scope { SCOPE_CPU, SCOPE_CORE, SCOPE_PACKAGE };
+ enum counter_type { COUNTER_ITEMS, COUNTER_CYCLES, COUNTER_SECONDS, COUNTER_USEC };
+ enum counter_format { FORMAT_RAW, FORMAT_DELTA, FORMAT_PERCENT };
+@@ -6719,6 +6721,22 @@ void cmdline(int argc, char **argv)
+ }
+ }
+
++void set_rlimit(void)
++{
++ struct rlimit limit;
++
++ if (getrlimit(RLIMIT_NOFILE, &limit) < 0)
++ err(1, "Failed to get rlimit");
++
++ if (limit.rlim_max < MAX_NOFILE)
++ limit.rlim_max = MAX_NOFILE;
++ if (limit.rlim_cur < MAX_NOFILE)
++ limit.rlim_cur = MAX_NOFILE;
++
++ if (setrlimit(RLIMIT_NOFILE, &limit) < 0)
++ err(1, "Failed to set rlimit");
++}
++
+ int main(int argc, char **argv)
+ {
+ outf = stderr;
+@@ -6731,6 +6749,9 @@ int main(int argc, char **argv)
+
+ probe_sysfs();
+
++ if (!getuid())
++ set_rlimit();
++
+ turbostat_init();
+
+ msr_sum_record();
+--
+2.43.0
+
diff --git a/queue-6.6/tools-power-turbostat-print-ucode-revision-only-if-v.patch b/queue-6.6/tools-power-turbostat-print-ucode-revision-only-if-v.patch
new file mode 100644
index 00000000000..b95a56c30cd
--- /dev/null
+++ b/queue-6.6/tools-power-turbostat-print-ucode-revision-only-if-v.patch
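Review bot: set_rlimit() treats a failed `setrlimit()` as fatal with `err(1, "Failed to set rlimit")`, and main() gates the call on `getuid()` returning 0. Raising the hard limit depends on CAP_SYS_RESOURCE rather than on the uid, so root inside a container or with a reduced capability set would make turbostat exit at startup even on a machine where the existing descriptor limit is sufficient. I would make that failure non-fatal, `warn("Failed to set rlimit");`, and let the later open() calls report exhaustion if it really occurs. Separately, the uid check means a non-root caller never gets its soft limit raised toward the current `rlim_max`, which needs no privilege.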
@@ -0,0 +1,59 @@
+From f2819d1c4ee8515e3daf4f5ae5940bf7a321f026 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 12 Jan 2024 13:48:14 +0100
+Subject: tools/power turbostat: Print ucode revision only if valid
+
+From: Patryk Wlazlyn
+
+[ Upstream commit fb5ceca046efc84f69fcf9779a013f8a0e63bbff ]
+
+If the MSR read were to fail, turbostat would print "microcode 0x0"
+
+Signed-off-by: Patryk Wlazlyn
+Reviewed-by: Len Brown
+Signed-off-by: Len Brown
+Signed-off-by: Sasha Levin
+---
+ tools/power/x86/turbostat/turbostat.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/tools/power/x86/turbostat/turbostat.c b/tools/power/x86/turbostat/turbostat.c
+index 5b892c53fc2c2..4dfeda4870f71 100644
+--- a/tools/power/x86/turbostat/turbostat.c
++++ b/tools/power/x86/turbostat/turbostat.c
+@@ -5518,6 +5518,7 @@ void process_cpuid()
+ unsigned int eax, ebx, ecx, edx;
+ unsigned int fms, family, model, stepping, ecx_flags, edx_flags;
+ unsigned long long ucode_patch = 0;
++ bool ucode_patch_valid = false;
+
+ eax = ebx = ecx = edx = 0;
+
+@@ -5547,6 +5548,8 @@ void process_cpuid()
+
+ if (get_msr(sched_getcpu(), MSR_IA32_UCODE_REV, &ucode_patch))
+ warnx("get_msr(UCODE)");
++ else
++ ucode_patch_valid = true;
+
+ /*
+ * check max extended function levels of CPUID.
+@@ -5557,9 +5560,12 @@ void process_cpuid()
+ __cpuid(0x80000000, max_extended_level, ebx, ecx, edx);
+
+ if (!quiet) {
+- fprintf(outf, "CPUID(1): family:model:stepping 0x%x:%x:%x (%d:%d:%d) microcode 0x%x\n",
+- family, model, stepping, family, model, stepping,
+- (unsigned int)((ucode_patch >> 32) & 0xFFFFFFFF));
++ fprintf(outf, "CPUID(1): family:model:stepping 0x%x:%x:%x (%d:%d:%d)",
++ family, model, stepping, family, model, stepping);
++ if (ucode_patch_valid)
++ fprintf(outf, " microcode 0x%x", (unsigned int)((ucode_patch >> 32) & 0xFFFFFFFF));
++ fputc('\n', outf);
++
+ fprintf(outf, "CPUID(0x80000000): max_extended_levels: 0x%x\n", max_extended_level);
+ fprintf(outf, "CPUID(1): %s %s %s %s %s %s %s %s %s %s\n",
+ ecx_flags & (1 << 0) ? "SSE3" : "-",
+--
+2.43.0
+
diff --git a/queue-6.6/uio_hv_generic-don-t-free-decrypted-memory.patch b/queue-6.6/uio_hv_generic-don-t-free-decrypted-memory.patch
new file mode 100644
index 00000000000..0f218fd462d
--- /dev/null
+++ b/queue-6.6/uio_hv_generic-don-t-free-decrypted-memory.patch
@@ -0,0 +1,76 @@
+From 7746ff36adb01d2ef88ab90461fef6c6e4ed215d Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 11 Mar 2024 09:15:57 -0700
+Subject: uio_hv_generic: Don't free decrypted memory
+
+From: Rick Edgecombe
+
+[ Upstream commit 3d788b2fbe6a1a1a9e3db09742b90809d51638b7 ]
+
+In CoCo VMs it is possible for the untrusted host to cause
+set_memory_encrypted() or set_memory_decrypted() to fail such that an
+error is returned and the resulting memory is shared. Callers need to
+take care to handle these errors to avoid returning decrypted (shared)
+memory to the page allocator, which could lead to functional or security
+issues.
+
+The VMBus device UIO driver could free decrypted/shared pages if
+set_memory_decrypted() fails. Check the decrypted field in the gpadl
+to decide whether to free the memory.
+
+Signed-off-by: Rick Edgecombe
+Signed-off-by: Michael Kelley
+Reviewed-by: Kuppuswamy Sathyanarayanan
+Acked-by: Kirill A. Shutemov
+Link: https://lore.kernel.org/r/20240311161558.1310-5-mhklinux@outlook.com
+Signed-off-by: Wei Liu
+Message-ID: <20240311161558.1310-5-mhklinux@outlook.com>
+Signed-off-by: Sasha Levin
+---
+ drivers/uio/uio_hv_generic.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/uio/uio_hv_generic.c b/drivers/uio/uio_hv_generic.c
+index 20d9762331bd7..6be3462b109ff 100644
+--- a/drivers/uio/uio_hv_generic.c
++++ b/drivers/uio/uio_hv_generic.c
+@@ -181,12 +181,14 @@ hv_uio_cleanup(struct hv_device *dev, struct hv_uio_private_data *pdata)
+ {
+ if (pdata->send_gpadl.gpadl_handle) {
+ vmbus_teardown_gpadl(dev->channel, &pdata->send_gpadl);
+- vfree(pdata->send_buf);
++ if (!pdata->send_gpadl.decrypted)
++ vfree(pdata->send_buf);
+ }
+
+ if (pdata->recv_gpadl.gpadl_handle) {
+ vmbus_teardown_gpadl(dev->channel, &pdata->recv_gpadl);
+- vfree(pdata->recv_buf);
++ if (!pdata->recv_gpadl.decrypted)
++ vfree(pdata->recv_buf);
+ }
+ }
+
+@@ -295,7 +297,8 @@ hv_uio_probe(struct hv_device *dev,
+ ret =
vmbus_establish_gpadl(channel, pdata->recv_buf,
+ RECV_BUFFER_SIZE, &pdata->recv_gpadl);
+ if (ret) {
+- vfree(pdata->recv_buf);
++ if (!pdata->recv_gpadl.decrypted)
++ vfree(pdata->recv_buf);
+ goto fail_close;
+ }
+
+@@ -317,7 +320,8 @@ hv_uio_probe(struct hv_device *dev,
+ ret = vmbus_establish_gpadl(channel, pdata->send_buf,
+ SEND_BUFFER_SIZE, &pdata->send_gpadl);
+ if (ret) {
+- vfree(pdata->send_buf);
++ if (!pdata->send_gpadl.decrypted)
++ vfree(pdata->send_buf);
+ goto fail_close;
+ }
+
+--
+2.43.0
+
diff --git a/queue-6.6/vboxsf-explicitly-deny-setlease-attempts.patch b/queue-6.6/vboxsf-explicitly-deny-setlease-attempts.patch
new file mode 100644
index 00000000000..4ec937f7169
--- /dev/null
+++ b/queue-6.6/vboxsf-explicitly-deny-setlease-attempts.patch
@@ -0,0 +1,37 @@
+From 1444155ee78a9c79e4e29bc1a425775585905686 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 19 Mar 2024 12:32:04 -0400
+Subject: vboxsf: explicitly deny setlease attempts
+
+From: Jeff Layton
+
+[ Upstream commit 1ece2c43b88660ddbdf8ecb772e9c41ed9cda3dd ]
+
+vboxsf does not break leases on its own, so it can't properly handle the
+case where the hypervisor changes the data. Don't allow file leases on
+vboxsf.
+
+Signed-off-by: Jeff Layton
+Link: https://lore.kernel.org/r/20240319-setlease-v1-1-5997d67e04b3@kernel.org
+Reviewed-by: Hans de Goede
+Signed-off-by: Hans de Goede
+Signed-off-by: Sasha Levin
+---
+ fs/vboxsf/file.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/fs/vboxsf/file.c b/fs/vboxsf/file.c
+index 2307f8037efc3..118dedef8ebe8 100644
+--- a/fs/vboxsf/file.c
++++ b/fs/vboxsf/file.c
+@@ -218,6 +218,7 @@ const struct file_operations vboxsf_reg_fops = {
+ .release = vboxsf_file_release,
+ .fsync = noop_fsync,
+ .splice_read = filemap_splice_read,
++ .setlease = simple_nosetlease,
+ };
+
+ const struct inode_operations vboxsf_reg_iops = {
+--
+2.43.0
+
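Review bot: The four `if (!...gpadl.decrypted)` guards added in front of `vfree()` in hv_uio_cleanup() and hv_uio_probe() leak the buffer on purpose, but nothing at the call sites says so, and a later reader is likely to treat the skipped free as a bug and restore it. A comment at each guard, or once above hv_uio_cleanup(), would record the reason, for example `/* Pages may still be shared with the host; leak them rather than return decrypted memory to the allocator. */`. Because the same test now appears four times, a small static helper taking the gpadl and the buffer would keep the rule in one place. hv_uio_probe() starts and ends outside the hunks, so whether the `fail_close` path touches these buffers again is not visible here.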
diff --git a/queue-6.6/wifi-cfg80211-fix-rdev_dump_mpp-arguments-order.patch b/queue-6.6/wifi-cfg80211-fix-rdev_dump_mpp-arguments-order.patch
new file mode 100644
index 00000000000..d32db0c83a0
--- /dev/null
+++ b/queue-6.6/wifi-cfg80211-fix-rdev_dump_mpp-arguments-order.patch
@@ -0,0 +1,38 @@
+From 0f8ced9ce7cc7c4e05f8cb0f3006066882fde836 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 11 Mar 2024 19:45:19 +0300
+Subject: wifi: cfg80211: fix rdev_dump_mpp() arguments order
+
+From: Igor Artemiev
+
+[ Upstream commit ec50f3114e55406a1aad24b7dfaa1c3f4336d8eb ]
+
+Fix the order of arguments in the TP_ARGS macro
+for the rdev_dump_mpp tracepoint event.
+
+Found by Linux Verification Center (linuxtesting.org).
+
+Signed-off-by: Igor Artemiev
+Link: https://msgid.link/20240311164519.118398-1-Igor.A.Artemiev@mcst.ru
+Signed-off-by: Johannes Berg
+Signed-off-by: Sasha Levin
+---
+ net/wireless/trace.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/wireless/trace.h b/net/wireless/trace.h
+index 617c0d0dfa963..e89443173c7b4 100644
+--- a/net/wireless/trace.h
++++ b/net/wireless/trace.h
+@@ -1015,7 +1015,7 @@ TRACE_EVENT(rdev_get_mpp,
+ TRACE_EVENT(rdev_dump_mpp,
+ TP_PROTO(struct wiphy *wiphy, struct net_device *netdev, int _idx,
+ u8 *dst, u8 *mpp),
+- TP_ARGS(wiphy, netdev, _idx, mpp, dst),
++ TP_ARGS(wiphy, netdev, _idx, dst, mpp),
+ TP_STRUCT__entry(
+ WIPHY_ENTRY
+ NETDEV_ENTRY
+--
+2.43.0
+
diff --git a/queue-6.6/wifi-iwlwifi-mvm-guard-against-invalid-sta-id-on-rem.patch b/queue-6.6/wifi-iwlwifi-mvm-guard-against-invalid-sta-id-on-rem.patch
new file mode 100644
index 00000000000..4319121ec37
--- /dev/null
+++ b/queue-6.6/wifi-iwlwifi-mvm-guard-against-invalid-sta-id-on-rem.patch
@@ -0,0 +1,46 @@
+From 92cc7bf110299bf8c1511ec62665e8a699525b71 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 20 Mar 2024 23:26:23 +0200
+Subject: wifi: iwlwifi: mvm: guard against invalid STA ID on removal
+
+From: Benjamin Berg
+
+[ Upstream commit 17f64517bf5c26af56b6c3566273aad6646c3c4f ]
+
+Guard against invalid station IDs in iwl_mvm_mld_rm_sta_id as that would
+result in out-of-bounds array accesses. This prevents issues should the
+driver get into a bad state during error handling.
+
+Signed-off-by: Benjamin Berg
+Signed-off-by: Miri Korenblit
+Link: https://msgid.link/20240320232419.d523167bda9c.I1cffd86363805bf86a95d8bdfd4b438bb54baddc@changeid
+Signed-off-by: Johannes Berg
+Signed-off-by: Sasha Levin
+---
+ drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c b/drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c
+index 1ccbe8c1eeb42..278454c116fee 100644
+--- a/drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c
++++ b/drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c
+@@ -853,10 +853,15 @@ int iwl_mvm_mld_rm_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
+
+ int iwl_mvm_mld_rm_sta_id(struct iwl_mvm *mvm, u8 sta_id)
+ {
+- int ret = iwl_mvm_mld_rm_sta_from_fw(mvm, sta_id);
++ int ret;
+
+ lockdep_assert_held(&mvm->mutex);
+
++ if (WARN_ON(sta_id == IWL_MVM_INVALID_STA))
++ return 0;
++
++ ret = iwl_mvm_mld_rm_sta_from_fw(mvm, sta_id);
++
+ RCU_INIT_POINTER(mvm->fw_id_to_mac_id[sta_id], NULL);
+ RCU_INIT_POINTER(mvm->fw_id_to_link_sta[sta_id], NULL);
+ return ret;
+--
+2.43.0
+
diff --git a/queue-6.6/wifi-iwlwifi-read-txq-read_ptr-under-lock.patch b/queue-6.6/wifi-iwlwifi-read-txq-read_ptr-under-lock.patch
new file mode 100644
index 00000000000..0fcdc373adc
--- /dev/null
+++ b/queue-6.6/wifi-iwlwifi-read-txq-read_ptr-under-lock.patch
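Review bot: The new guard in iwl_mvm_mld_rm_sta_id() rejects only the sentinel `IWL_MVM_INVALID_STA`, while the commit message states the goal as preventing out-of-bounds accesses to `mvm->fw_id_to_mac_id[sta_id]` and `mvm->fw_id_to_link_sta[sta_id]`. `sta_id` is a `u8`, so if those arrays hold fewer than 256 entries (their size is not visible in this hunk) any other out-of-range value still indexes past the end. Checking the bound itself, `if (WARN_ON(sta_id >= ARRAY_SIZE(mvm->fw_id_to_mac_id))) return 0;`, would also catch the sentinel provided it lies outside the array. Returning 0 for a rejected id reports success to the caller, which is worth confirming as intended.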
@@ -0,0 +1,42 @@
+From fba6d79d8884673ce23759db07b67c5515385da1 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 19 Mar 2024 10:10:22 +0200
+Subject: wifi: iwlwifi: read txq->read_ptr under lock
+
+From: Johannes Berg
+
+[ Upstream commit c2ace6300600c634553657785dfe5ea0ed688ac2 ]
+
+If we read txq->read_ptr without lock, we can read the same
+value twice, then obtain the lock, and reclaim from there
+to two different places, but crucially reclaim the same
+entry twice, resulting in the WARN_ONCE() a little later.
+Fix that by reading txq->read_ptr under lock.
+
+Signed-off-by: Johannes Berg
+Signed-off-by: Miri Korenblit
+Link: https://msgid.link/20240319100755.bf4c62196504.I978a7ca56c6bd6f1bf42c15aa923ba03366a840b@changeid
+Signed-off-by: Johannes Berg
+Signed-off-by: Sasha Levin
+---
+ drivers/net/wireless/intel/iwlwifi/queue/tx.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/wireless/intel/iwlwifi/queue/tx.c b/drivers/net/wireless/intel/iwlwifi/queue/tx.c
+index ca74b1b63cac1..0efa304904bd3 100644
+--- a/drivers/net/wireless/intel/iwlwifi/queue/tx.c
++++ b/drivers/net/wireless/intel/iwlwifi/queue/tx.c
+@@ -1588,9 +1588,9 @@ void iwl_txq_reclaim(struct iwl_trans *trans, int txq_id, int ssn,
+ return;
+
+ tfd_num = iwl_txq_get_cmd_index(txq, ssn);
+- read_ptr = iwl_txq_get_cmd_index(txq, txq->read_ptr);
+
+ spin_lock_bh(&txq->lock);
++ read_ptr = iwl_txq_get_cmd_index(txq, txq->read_ptr);
+
+ if (!test_bit(txq_id, trans->txqs.queue_used)) {
+ IWL_DEBUG_TX_QUEUES(trans, "Q %d inactive - ignoring idx %d\n",
+--
+2.43.0
+
diff --git a/queue-6.6/wifi-mac80211-fix-ieee80211_bss_-_flags-kernel-doc.patch b/queue-6.6/wifi-mac80211-fix-ieee80211_bss_-_flags-kernel-doc.patch
new file mode 100644
index 00000000000..64a24164454
--- /dev/null
+++ b/queue-6.6/wifi-mac80211-fix-ieee80211_bss_-_flags-kernel-doc.patch
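Review bot: The moved `read_ptr` assignment in iwl_txq_reclaim() is correct only because it now follows `spin_lock_bh(&txq->lock)`, and nothing in the code records that ordering requirement. A one-line comment above it, for example `/* sample read_ptr under txq->lock, otherwise two reclaims can start from the same index */`, would keep a later cleanup from hoisting it back next to `tfd_num`. The function starts and ends outside the hunk.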
@@ -0,0 +1,49 @@
+From f20aeba06933f76af6aa5a0887f61d96bfabd1c0 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Thu, 14 Mar 2024 14:23:00 -0700
+Subject: wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc
+
+From: Jeff Johnson
+
+[ Upstream commit 774f8841f55d7ac4044c79812691649da203584a ]
+
+Running kernel-doc on ieee80211_i.h flagged the following:
+net/mac80211/ieee80211_i.h:145: warning: expecting prototype for enum ieee80211_corrupt_data_flags. Prototype was for enum ieee80211_bss_corrupt_data_flags instead
+net/mac80211/ieee80211_i.h:162: warning: expecting prototype for enum ieee80211_valid_data_flags. Prototype was for enum ieee80211_bss_valid_data_flags instead
+
+Fix these warnings.
+
+Signed-off-by: Jeff Johnson
+Reviewed-by: Simon Horman
+Link: https://msgid.link/20240314-kdoc-ieee80211_i-v1-1-72b91b55b257@quicinc.com
+Signed-off-by: Johannes Berg
+Signed-off-by: Sasha Levin
+---
+ net/mac80211/ieee80211_i.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
+index 07beb72ddd25a..fefaa9e902a2f 100644
+--- a/net/mac80211/ieee80211_i.h
++++ b/net/mac80211/ieee80211_i.h
+@@ -122,7 +122,7 @@ struct ieee80211_bss {
+ };
+
+ /**
+- * enum ieee80211_corrupt_data_flags - BSS data corruption flags
++ * enum ieee80211_bss_corrupt_data_flags - BSS data corruption flags
+ * @IEEE80211_BSS_CORRUPT_BEACON: last beacon frame received was corrupted
+ * @IEEE80211_BSS_CORRUPT_PROBE_RESP: last probe response received was corrupted
+ *
+@@ -135,7 +135,7 @@ enum ieee80211_bss_corrupt_data_flags {
+ };
+
+ /**
+- * enum ieee80211_valid_data_flags - BSS valid data flags
++ * enum ieee80211_bss_valid_data_flags - BSS valid data flags
+ * @IEEE80211_BSS_VALID_WMM: WMM/UAPSD data was gathered from non-corrupt IE
+ * @IEEE80211_BSS_VALID_RATES: Supported rates were gathered from non-corrupt IE
+ * @IEEE80211_BSS_VALID_ERP: ERP flag was gathered from non-corrupt IE
+--
+2.43.0
+
diff --git a/queue-6.6/wifi-mac80211-fix-prep_connection-error-path.patch b/queue-6.6/wifi-mac80211-fix-prep_connection-error-path.patch
new file mode 100644
index 00000000000..4df1bee6fa8
--- /dev/null
+++ b/queue-6.6/wifi-mac80211-fix-prep_connection-error-path.patch
@@ -0,0 +1,51 @@
+From 41dde43a7dcc72a31a137a4d55d796f378469fe3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 18 Mar 2024 18:53:30 +0200
+Subject: wifi: mac80211: fix prep_connection error path
+
+From: Johannes Berg
+
+[ Upstream commit 2e6bd24339a6ff04413b2e49c0f2672d6f0edfa5 ]
+
+If prep_channel fails in prep_connection, the code releases
+the deflink's chanctx, which is wrong since we may be using
+a different link. It's already wrong to even do that always
+though, since we might still have the station. Remove it
+only if prep_channel succeeded and later updates fail.
+
+Signed-off-by: Johannes Berg
+Signed-off-by: Miri Korenblit
+Link: https://msgid.link/20240318184907.2780c1f08c3d.I033c9b15483933088f32a2c0789612a33dd33d82@changeid
+Signed-off-by: Johannes Berg
+Signed-off-by: Sasha Levin
+---
+ net/mac80211/mlme.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
+index 6e574e2adc22e..cf01f1f298a3b 100644
+--- a/net/mac80211/mlme.c
++++ b/net/mac80211/mlme.c
+@@ -7080,7 +7080,7 @@ static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
+ sdata_info(sdata,
+ "failed to insert STA entry for the AP (error %d)\n",
+ err);
+- goto out_err;
++ goto out_release_chan;
+ }
+ } else
+ WARN_ON_ONCE(!ether_addr_equal(link->u.mgd.bssid, cbss->bssid));
+@@ -7091,8 +7091,9 @@ static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
+
+ return 0;
+
++out_release_chan:
++ ieee80211_link_release_channel(link);
+ out_err:
+- ieee80211_link_release_channel(&sdata->deflink);
+ ieee80211_vif_set_links(sdata, 0, 0);
+ return err;
+ }
+--
+2.43.0
+
-- 2.47.2